
Plagegeister aller Art und deren Bekämpfung: Need help: removing the trojan "BUNDESPOLIZEI - Ihr Computer wurde gesperrt" ("Federal Police - Your computer has been locked")

01.07.2012, 22:02   #1
montyburns

Hello everyone,

I have this trojan / virus on my machine: hxxp://img.trojaner-board.de/bundespolizei.png

First I updated Malwarebytes in safe mode and ran it. By mistake I deleted the infected files with the program instead of moving them to quarantine. Since I still could not access my desktop in normal mode afterwards, I ran the program over it once more (only warnings left, no more detections). Both log files are attached.

After this step I still could not access my desktop in normal mode. So I burned the Avira Rescue Disk and ran it over my system. This helped insofar as I can now work in normal mode again. The Avira log file is attached as well.

Now to my questions:
What is left to do now?
How do I check that my system is clean?
Can I get by at all without reinstalling my PC?

Thanks for your help!
Attached files
File type: txt AVSCAN-20120627.txt (23.2 KB, viewed 214 times)
File type: txt mbam-log-2012-06-27 (19-35-08).txt (8.9 KB, viewed 156 times)
File type: txt mbam-log-2012-06-27 (22-09-52).txt (2.2 KB, viewed 161 times)

Edited by montyburns (01.07.2012 at 22:56)

02.07.2012, 16:49   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


The scans are almost a week old by now

Please routinely run a new full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

__________________

06.07.2012, 01:19   #3
montyburns

Hello cosinus,

sorry for the late reply. Regarding the procedure you described:

1. Malwarebytes
I ran another scan. See below.

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Max Mustermann :: MaxMustermann-PC [Administrator]

02.07.2012 19:51:31
mbam-log-2012-07-02 (19-51-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 390919
Laufzeit: 2 Stunde(n), 29 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\aegtcpvf.exe.vir (Trojan.Winlock.G) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\uvzbdawn.exe.vir (Trojan.Winlock.G) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
The last scan before that is from November 2011:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8211

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

21.11.2011 23:03:02
mbam-log-2011-11-21 (23-03-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 202195
Laufzeit: 1 Stunde(n), 13 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
2. ESET
The ESET log is below.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1db87c2a7371cb48bd27fbec71f2bc81
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-04 11:37:52
# local_time=2012-07-05 01:37:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 50481749 50481749 0 0
# compatibility_mode=1792 16777215 100 0 19268398 19268398 0 0
# compatibility_mode=5892 16776573 100 100 1120 178967089 0 0
# compatibility_mode=8192 67108863 100 0 167 167 0 0
# scanned=189741
# found=3
# cleaned=0
# scan_time=10711
C:\Users\Max Mustermann\Downloads\ps_radio2015.exe.vir	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Max Mustermann\Downloads\registrybooster.exe	a variant of Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Max Mustermann\Downloads\SoftonicDownloader32736.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         
If the logs are each a few days old, please don't let that bother you. The PC was not switched on during that whole time either.

Thanks again for your feedback and support!
__________________
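
Added example, not part of any post in this thread: a small Python triage of the ESET Online Scanner log posted above. The field layout (`# key=value` header lines, tab-separated detection rows) is inferred from that one log and is an assumption, as are all function and field names used here.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of the ESET log posted above (header shortened); "\t" marks the tab separators.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# unwanted_checked=true",
    "# compatibility_mode=512 16777215 100 0 50481749 50481749 0 0",
    "# compatibility_mode=1792 16777215 100 0 19268398 19268398 0 0",
    "# scanned=189741",
    "# found=3",
    "# cleaned=0",
    "C:\\Users\\Max Mustermann\\Downloads\\ps_radio2015.exe.vir\t"
    "a variant of Win32/Adware.ADON application (unable to clean)\t"
    "00000000000000000000000000000000\tI",
    "C:\\Users\\Max Mustermann\\Downloads\\registrybooster.exe\t"
    "a variant of Win32/RegistryBooster application (unable to clean)\t"
    "00000000000000000000000000000000\tI",
    "C:\\Users\\Max Mustermann\\Downloads\\SoftonicDownloader32736.exe\t"
    "a variant of Win32/SoftonicDownloader.A application (unable to clean)\t"
    "00000000000000000000000000000000\tI",
])

# "<threat text> (<status>)" where the trailing parenthesised status is optional.
DESC_RE = re.compile(r"^(?P<threat>.*?)(?:\s+\((?P<status>[^()]*)\))?$")


@dataclass
class Detection:
    path: str
    threat: str
    status: Optional[str]

    @property
    def family(self) -> str:
        """Detection name without the 'a variant of' / 'application' wording."""
        name = self.threat
        if name.startswith("a variant of "):
            name = name[len("a variant of "):]
        if name.endswith(" application"):
            name = name[: -len(" application")]
        return name


def parse_eset_log(text):
    """Return (header, detections); header maps each key to a list of values,
    because keys such as compatibility_mode repeat."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header.setdefault(key.strip(), []).append(value.strip())
        elif "\t" in line:
            fields = line.split("\t")
            m = DESC_RE.match(fields[1].strip())
            detections.append(Detection(fields[0].strip(), m["threat"], m["status"]))
        # anything else (installer preamble such as "all ok") is ignored
    return header, detections


def first(header, key, default=""):
    return header.get(key, [default])[0]


def triage(text):
    """Summarise what a helper checks first when reading such a log."""
    header, detections = parse_eset_log(text)
    found = first(header, "found")
    return {
        # scan ran to completion
        "finished": first(header, "end") == "finished",
        # assumption: remove_checked=false means the scan only reported
        "report_only": first(header, "remove_checked") == "false",
        # a pasted log with fewer rows than "found" is incomplete
        "count_consistent": found.isdigit() and int(found) == len(detections),
        # rows without a status, or marked "unable to clean", are still on disk
        "unresolved": [d for d in detections
                       if d.status is None or "unable to clean" in d.status],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in ("finished", "report_only", "count_consistent"):
        print(f"{key}: {result[key]}")
    for d in result["unresolved"]:
        print(f"still present: {d.family:28} {d.path}")
```

On the posted log this reports a finished, report-only scan whose three detections, all in the Downloads folder, are still present.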

06.07.2012, 10:56   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
C:\Users\Max Mustermann\Downloads\registrybooster.exe	a variant of Win32/RegistryBooster application (unable to clean)
         
Hands off registry cleaners!!

The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work anymore either.
We read often enough from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes absolutely no difference whether there are a few orphaned registry entries on the system or not.
  • The constantly advertised speed-up of the system is also only partly true. You would not notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.

Code:
C:\Users\Max Mustermann\Downloads\SoftonicDownloader32736.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)
         
Junk-laden software from Softonic seems to be very much in fashion right now!

Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! You download software, with top priority, directly from the vendor and not from toolbar outfits like Softonic! In an emergency chip.de would of course do


I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

12.07.2012, 17:14   #5
montyburns

Hello Arne,

sorry for yet another late reply - I was away for a few days.

I uninstalled CC-Cleaner and deleted the Softonic file.

On your questions:

1.) Does Windows' normal mode work without restrictions (again)?

Yes, everything seems to work. The only (apparent) change is that the desktop background is now black (previously a custom image).

2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

No, I'm not missing anything. What I do notice, however: under "Program Data" I see a file named "lsvukeynxhvxwlp" with a recent modification date (27.6.) and also a folder named "fcrjnefwpxjskbb". Behind this folder are the graphic elements that were used to display the "Bundespolizei" screen.

What happens next? How can I find out that my computer is definitely "clean"? Or is it best to reinstall Windows?

Thanks & regards


12.07.2012, 19:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - tracking down toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________

12.07.2012, 21:20   #7
montyburns

Hello, the contents of the text file are below. Regards

Code:
# AdwCleaner v1.701 - Logfile created 07/12/2012 at 21:15:50
# Updated 02/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Max Mustermann - MaxMustermann-PC
# Running from : C:\Users\Max Mustermann\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Max Mustermann\AppData\Local\OpenCandy
Folder Found : C:\Users\Max Mustermann\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Max Mustermann\AppData\LocalLow\Conduit
Folder Found : C:\Users\Max Mustermann\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Max Mustermann\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\6bxs5b0k.default\Conduit
Folder Found : C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\6bxs5b0k.default\ConduitEngine
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\vShare.tv plugin
File Found : C:\Users\Max~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2206084
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\6bxs5b0k.default\prefs.js

Found : user_pref("CT2206084.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2206084.CTID", "CT2206084");
Found : user_pref("CT2206084.CurrentServerDate", "8-8-2010");
Found : user_pref("CT2206084.DialogsAlignMode", "LTR");
Found : user_pref("CT2206084.DownloadReferralCookieData", "");
Found : user_pref("CT2206084.EMailNotifierPollDate", "Sun Aug 08 2010 21:15:26 GMT+0200");
Found : user_pref("CT2206084.FeedLastCount128311388426518939", 498);
Found : user_pref("CT2206084.FeedPollDate128394382574669410", "Sun Aug 08 2010 21:15:28 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128394382574669411", "Sun Aug 08 2010 21:15:29 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128394382574669412", "Sun Aug 08 2010 21:15:29 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128394382574669413", "Sun Aug 08 2010 21:15:29 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128394382574669414", "Sun Aug 08 2010 21:15:29 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128559429569307240", "Sun Aug 08 2010 21:15:29 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128801410134769526", "Sun Aug 08 2010 21:15:28 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128801410271643768", "Sun Aug 08 2010 21:15:28 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128801410648675207", "Sun Aug 08 2010 21:15:28 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128801410803831945", "Sun Aug 08 2010 21:15:28 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128801411020863399", "Sun Aug 08 2010 21:15:28 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128801411145707150", "Sun Aug 08 2010 21:15:28 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128801411258362590", "Sun Aug 08 2010 21:15:28 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128801411369456587", "Sun Aug 08 2010 21:15:28 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128801411490081588", "Sun Aug 08 2010 21:15:28 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128801411659613144", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128801411801956980", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128801411974300317", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128895535588356636", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128895536575232020", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128895541734450320", "Sun Aug 08 2010 21:15:29 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128896127456250507", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128896133101250708", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128896136655781447", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128896138140469441", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.FeedPollDate128896149451719443", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.FeedTTL128801411258362590", 5);
Found : user_pref("CT2206084.FeedTTL128801411490081588", 30);
Found : user_pref("CT2206084.FeedTTL128801411974300317", 5);
Found : user_pref("CT2206084.FeedTTL128895535588356636", 5);
Found : user_pref("CT2206084.FeedTTL128896138140469441", 2);
Found : user_pref("CT2206084.FirstServerDate", "8-8-2010");
Found : user_pref("CT2206084.FirstTime", true);
Found : user_pref("CT2206084.FirstTimeFF3", true);
Found : user_pref("CT2206084.FirstTimeSettingsDone", true);
Found : user_pref("CT2206084.FixPageNotFoundErrors", true);
Found : user_pref("CT2206084.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2206084.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2206084.Initialize", true);
Found : user_pref("CT2206084.InitializeCommonPrefs", true);
Found : user_pref("CT2206084.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT2206084.InstallationId", "Softonic_CT2206084_FormatFactory245_2ndRelease.exe");
Found : user_pref("CT2206084.InstallationType", "ConduitIntegration");
Found : user_pref("CT2206084.InstalledDate", "Sun Aug 08 2010 21:15:26 GMT+0200");
Found : user_pref("CT2206084.InvalidateCache", false);
Found : user_pref("CT2206084.IsGrouping", false);
Found : user_pref("CT2206084.IsMulticommunity", false);
Found : user_pref("CT2206084.IsOpenThankYouPage", true);
Found : user_pref("CT2206084.IsOpenUninstallPage", true);
Found : user_pref("CT2206084.LanguagePackLastCheckTime", "Sun Aug 08 2010 21:15:28 GMT+0200");
Found : user_pref("CT2206084.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2206084.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2206084.LastLogin_2.7.1.3", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.LatestVersion", "2.1.0.18");
Found : user_pref("CT2206084.Locale", "de-de");
Found : user_pref("CT2206084.LoginCache", 4);
Found : user_pref("CT2206084.MCDetectTooltipHeight", "83");
Found : user_pref("CT2206084.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2206084.MCDetectTooltipWidth", "295");
Found : user_pref("CT2206084.RadioIsPodcast", false);
Found : user_pref("CT2206084.RadioLastCheckTime", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2206084.RadioLastUpdateServer", "128939446421370000");
Found : user_pref("CT2206084.RadioMediaID", "10559111");
Found : user_pref("CT2206084.RadioMediaType", "Media Player");
Found : user_pref("CT2206084.RadioMenuSelectedID", "EBRadioMenu_CT220608410559111");
Found : user_pref("CT2206084.RadioShrinked", "shrinked");
Found : user_pref("CT2206084.RadioStationName", "Antenne%20Bayern%20Top%2040");
Found : user_pref("CT2206084.RadioStationURL", "hxxp://channels.webradio.antenne.de/top-40");
Found : user_pref("CT2206084.SHRINK_TOOLBAR", 0);
Found : user_pref("CT2206084.SavedHomepage", "hxxp://www.google.de/news");
Found : user_pref("CT2206084.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2206084.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2206084.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT220[...]
Found : user_pref("CT2206084.SearchInNewTabEnabled", true);
Found : user_pref("CT2206084.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2206084.SearchInNewTabLastCheckTime", "Sun Aug 08 2010 21:15:28 GMT+0200");
Found : user_pref("CT2206084.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2206084.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2206084.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2206084.SettingsLastCheckTime", "Sun Aug 08 2010 21:15:25 GMT+0200");
Found : user_pref("CT2206084.SettingsLastUpdate", "1281281766");
Found : user_pref("CT2206084.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2206084.ThirdPartyComponentsLastCheck", "Sun Aug 08 2010 21:15:24 GMT+0200");
Found : user_pref("CT2206084.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2206084.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2206084.UserID", "UN84885645598895223");
Found : user_pref("CT2206084.ValidationData_Toolbar", 2);
Found : user_pref("CT2206084.WeatherNetwork", "");
Found : user_pref("CT2206084.WeatherPollDate", "Sun Aug 08 2010 21:15:27 GMT+0200");
Found : user_pref("CT2206084.WeatherUnit", "C");
Found : user_pref("CT2206084.alertChannelId", "604380");
Found : user_pref("CT2206084.clientLogIsEnabled", true);
Found : user_pref("CT2206084.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2206084.myStuffEnabled", true);
Found : user_pref("CT2206084.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2206084.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2206084.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2206084.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2206084.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2613550.CTID", "ct2613550");
Found : user_pref("CT2613550.CurrentServerDate", "3-8-2010");
Found : user_pref("CT2613550.DialogsAlignMode", "LTR");
Found : user_pref("CT2613550.DownloadReferralCookieData", "");
Found : user_pref("CT2613550.EMailNotifierPollDate", "Tue Aug 03 2010 15:50:52 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517549", "Tue Aug 03 2010 15:10:50 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517555", "Tue Aug 03 2010 15:10:50 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517561", "Tue Aug 03 2010 15:10:50 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517567", "Tue Aug 03 2010 15:10:50 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517573", "Tue Aug 03 2010 15:10:50 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517579", "Tue Aug 03 2010 15:10:50 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517585", "Tue Aug 03 2010 15:10:50 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517591", "Tue Aug 03 2010 15:10:50 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517597", "Tue Aug 03 2010 15:10:51 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517603", "Tue Aug 03 2010 15:10:51 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517609", "Tue Aug 03 2010 15:10:51 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517615", "Tue Aug 03 2010 15:10:51 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517621", "Tue Aug 03 2010 15:10:51 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517627", "Tue Aug 03 2010 15:10:51 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517633", "Tue Aug 03 2010 15:10:51 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517639", "Tue Aug 03 2010 15:10:51 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129249153475517645", "Tue Aug 03 2010 15:10:52 GMT+0200");
Found : user_pref("CT2613550.FeedTTL129249153475517561", 5);
Found : user_pref("CT2613550.FeedTTL129249153475517567", 5);
Found : user_pref("CT2613550.FeedTTL129249153475517591", 2);
Found : user_pref("CT2613550.FeedTTL129249153475517621", 5);
Found : user_pref("CT2613550.FeedTTL129249153475517633", 30);
Found : user_pref("CT2613550.FirstServerDate", "3-8-2010");
Found : user_pref("CT2613550.FirstTime", true);
Found : user_pref("CT2613550.FirstTimeFF3", true);
Found : user_pref("CT2613550.FirstTimeSettingsDone", true);
Found : user_pref("CT2613550.FixPageNotFoundErrors", true);
Found : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2613550.Initialize", true);
Found : user_pref("CT2613550.InitializeCommonPrefs", true);
Found : user_pref("CT2613550.InstallationAndCookieDataSentCount", 2);
Found : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Found : user_pref("CT2613550.InstalledDate", "Tue Aug 03 2010 15:10:45 GMT+0200");
Found : user_pref("CT2613550.IsGrouping", false);
Found : user_pref("CT2613550.IsMulticommunity", false);
Found : user_pref("CT2613550.IsOpenThankYouPage", false);
Found : user_pref("CT2613550.IsOpenUninstallPage", true);
Found : user_pref("CT2613550.LanguagePackLastCheckTime", "Tue Aug 03 2010 15:10:51 GMT+0200");
Found : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2613550.LastLogin_2.6.0.15", "Tue Aug 03 2010 15:10:50 GMT+0200");
Found : user_pref("CT2613550.LatestVersion", "2.7.1.3");
Found : user_pref("CT2613550.Locale", "de-de");
Found : user_pref("CT2613550.LoginCache", 4);
Found : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Found : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Found : user_pref("CT2613550.RadioIsPodcast", false);
Found : user_pref("CT2613550.RadioMediaID", "8546");
Found : user_pref("CT2613550.RadioMediaType", "Media Player");
Found : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546");
Found : user_pref("CT2613550.RadioStationName", "Radio%208");
Found : user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u");
Found : user_pref("CT2613550.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Found : user_pref("CT2613550.SearchInNewTabEnabled", true);
Found : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2613550.SettingsLastCheckTime", "Tue Aug 03 2010 15:10:44 GMT+0200");
Found : user_pref("CT2613550.SettingsLastUpdate", "1280441747");
Found : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Tue Aug 03 2010 15:10:44 GMT+0200");
Found : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2613550.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2613550.UserID", "UN26113560332241326");
Found : user_pref("CT2613550.ValidationData_Toolbar", 1);
Found : user_pref("CT2613550.WeatherNetwork", "");
Found : user_pref("CT2613550.WeatherPollDate", "Tue Aug 03 2010 15:40:51 GMT+0200");
Found : user_pref("CT2613550.WeatherUnit", "C");
Found : user_pref("CT2613550.alertChannelId", "1006347");
Found : user_pref("CT2613550.clientLogIsEnabled", true);
Found : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2613550.components.1000082", true);
Found : user_pref("CT2613550.components.1000234", true);
Found : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Found : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 344);
Found : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Found : user_pref("CT2613550.ct2613550.InvalidateCache", false);
Found : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Tue Aug 03 2010 15:10:51 GMT+0200");
Found : user_pref("CT2613550.ct2613550.Locale", "de-de");
Found : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Tue Aug 03 2010 15:10:51 GMT+0200");
Found : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
Found : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Found : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Tue Aug 03 2010 15:10:50 GMT+0200");
Found : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Tue Aug 03 2010 15:10:49 GMT+0200");
Found : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1280441747");
Found : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Tue Aug 03 2010 15:10:49 GMT+0200");
Found : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2613550.myStuffEnabled", true);
Found : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2613550,CT2206084,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550,CT2206084");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Apr 03 2011 10:51:13 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertEnabled", false);
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Apr 16 2011 22:31:09 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 29 2011 23:23:00 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "b7464808-3905-41ed-a65e-88569191bdca");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Aug 03 2010 15:10:51 GMT+0200");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2206084");
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 23 2011 21:31:19 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Apr 16 2011 21:35:23 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "04/03/2011 11");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Sun Apr 03 2011 10:51:14 GMT+0200");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Apr 16 2011 22:31:02 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun Apr 17 2011 16:52:47 GMT+0200");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Apr 17 2011 16:52:47 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN08847629811459246");
Found : user_pref("ConduitEngine.approveUntrustedApps", true);
Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Apr 16 2011 22:31:02 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Apr 17 2011 16:52:47 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.isDetectionEnabled", false);
Found : user_pref("ConduitEngine.usageEnabled", false);
Found : user_pref("ConduitEngine.usagesFlag", 2);
Found : user_pref("browser.search.defaultengine", "Web Search");
Found : user_pref("browser.search.defaultenginename", "Search the web");
Found : user_pref("browser.search.defaultthis.engineName", "Softonic Deutsch FF Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&Sea[...]
Found : user_pref("browser.search.order.1", "Search the web");
Found : user_pref("browser.search.selectedEngine", "Search the web");
Found : user_pref("extensions.ui.lastCategory", "addons://search/softonic");
Found : user_pref("vshare.install.date", "1285027200000");
Found : user_pref("vshare.install.finished", "1.0.0");
Found : user_pref("vshare.install.guid", "{3242449c-491a-4177-92d1-eb948bf836c1}");
Found : user_pref("vshare.install.isHidden", true);
Found : user_pref("vshare.install.laststatreq", "1309392000000");
Found : user_pref("vshare.install.newtab", false);

-\\ Google Chrome v20.0.1132.47

File : C:\Users\Max Mustermann\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :       "keyword": "startsear.ch",
Found :       "name": "Web Search",
Found :       "search_url": "hxxp://startsear.ch/?aff=1&q={searchTerms}",
Found :                "description": "vshare.tv plugin",
Found :                "name": "vshare plugin",
Found :                   "path": "chvsharetvplg.dll",
Found :    "homepage": "hxxp://startsear.ch/?aff=1&cf=f647fce0-d0b0-11e0-a2cd-002185df9aff",

*************************

AdwCleaner[R1].txt - [27426 octets] - [12/07/2012 21:15:50]

########## EOF - C:\AdwCleaner[R1].txt - [27555 octets] ##########
         

12.07.2012, 22:23   #8
cosinus

adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

12.07.2012, 23:19   #9
montyburns
 

Hello,

done. The next log file is below.

Regards

Code:
# AdwCleaner v1.701 - Logfile created 07/12/2012 at 23:09:37
# Updated 02/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Max Mustermann - MaxMustermann-PC
# Running from : C:\Users\Max Mustermann\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Max Mustermann\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Max Mustermann\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Max Mustermann\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Max Mustermann\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Max Mustermann\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\6bxs5b0k.default\Conduit
Folder Deleted : C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\6bxs5b0k.default\ConduitEngine
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\vShare.tv plugin
File Deleted : C:\Users\Max~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2206084
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\6bxs5b0k.default\prefs.js

C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\6bxs5b0k.default\user.js ... Deleted !

Deleted : user_pref("CT2206084.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2206084.CTID", "CT2206084");
Deleted : user_pref("CT2206084.CurrentServerDate", "8-8-2010");
Deleted : user_pref("CT2206084.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2206084.DownloadReferralCookieData", "");
Deleted : user_pref("CT2206084.EMailNotifierPollDate", "Sun Aug 08 2010 21:15:26 GMT+0200");
Deleted : user_pref("CT2206084.FeedLastCount128311388426518939", 498);
Deleted : user_pref("CT2206084.FeedPollDate128394382574669410", "Sun Aug 08 2010 21:15:28 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128394382574669411", "Sun Aug 08 2010 21:15:29 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128394382574669412", "Sun Aug 08 2010 21:15:29 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128394382574669413", "Sun Aug 08 2010 21:15:29 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128394382574669414", "Sun Aug 08 2010 21:15:29 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128559429569307240", "Sun Aug 08 2010 21:15:29 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128801410134769526", "Sun Aug 08 2010 21:15:28 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128801410271643768", "Sun Aug 08 2010 21:15:28 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128801410648675207", "Sun Aug 08 2010 21:15:28 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128801410803831945", "Sun Aug 08 2010 21:15:28 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128801411020863399", "Sun Aug 08 2010 21:15:28 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128801411145707150", "Sun Aug 08 2010 21:15:28 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128801411258362590", "Sun Aug 08 2010 21:15:28 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128801411369456587", "Sun Aug 08 2010 21:15:28 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128801411490081588", "Sun Aug 08 2010 21:15:28 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128801411659613144", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128801411801956980", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128801411974300317", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128895535588356636", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128895536575232020", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128895541734450320", "Sun Aug 08 2010 21:15:29 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128896127456250507", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128896133101250708", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128896136655781447", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128896138140469441", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.FeedPollDate128896149451719443", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.FeedTTL128801411258362590", 5);
Deleted : user_pref("CT2206084.FeedTTL128801411490081588", 30);
Deleted : user_pref("CT2206084.FeedTTL128801411974300317", 5);
Deleted : user_pref("CT2206084.FeedTTL128895535588356636", 5);
Deleted : user_pref("CT2206084.FeedTTL128896138140469441", 2);
Deleted : user_pref("CT2206084.FirstServerDate", "8-8-2010");
Deleted : user_pref("CT2206084.FirstTime", true);
Deleted : user_pref("CT2206084.FirstTimeFF3", true);
Deleted : user_pref("CT2206084.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2206084.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2206084.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2206084.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2206084.Initialize", true);
Deleted : user_pref("CT2206084.InitializeCommonPrefs", true);
Deleted : user_pref("CT2206084.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2206084.InstallationId", "Softonic_CT2206084_FormatFactory245_2ndRelease.exe");
Deleted : user_pref("CT2206084.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2206084.InstalledDate", "Sun Aug 08 2010 21:15:26 GMT+0200");
Deleted : user_pref("CT2206084.InvalidateCache", false);
Deleted : user_pref("CT2206084.IsGrouping", false);
Deleted : user_pref("CT2206084.IsMulticommunity", false);
Deleted : user_pref("CT2206084.IsOpenThankYouPage", true);
Deleted : user_pref("CT2206084.IsOpenUninstallPage", true);
Deleted : user_pref("CT2206084.LanguagePackLastCheckTime", "Sun Aug 08 2010 21:15:28 GMT+0200");
Deleted : user_pref("CT2206084.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2206084.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2206084.LastLogin_2.7.1.3", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2206084.Locale", "de-de");
Deleted : user_pref("CT2206084.LoginCache", 4);
Deleted : user_pref("CT2206084.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2206084.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2206084.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2206084.RadioIsPodcast", false);
Deleted : user_pref("CT2206084.RadioLastCheckTime", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2206084.RadioLastUpdateServer", "128939446421370000");
Deleted : user_pref("CT2206084.RadioMediaID", "10559111");
Deleted : user_pref("CT2206084.RadioMediaType", "Media Player");
Deleted : user_pref("CT2206084.RadioMenuSelectedID", "EBRadioMenu_CT220608410559111");
Deleted : user_pref("CT2206084.RadioShrinked", "shrinked");
Deleted : user_pref("CT2206084.RadioStationName", "Antenne%20Bayern%20Top%2040");
Deleted : user_pref("CT2206084.RadioStationURL", "hxxp://channels.webradio.antenne.de/top-40");
Deleted : user_pref("CT2206084.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT2206084.SavedHomepage", "hxxp://www.google.de/news");
Deleted : user_pref("CT2206084.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2206084.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2206084.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT220[...]
Deleted : user_pref("CT2206084.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2206084.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2206084.SearchInNewTabLastCheckTime", "Sun Aug 08 2010 21:15:28 GMT+0200");
Deleted : user_pref("CT2206084.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2206084.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2206084.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2206084.SettingsLastCheckTime", "Sun Aug 08 2010 21:15:25 GMT+0200");
Deleted : user_pref("CT2206084.SettingsLastUpdate", "1281281766");
Deleted : user_pref("CT2206084.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2206084.ThirdPartyComponentsLastCheck", "Sun Aug 08 2010 21:15:24 GMT+0200");
Deleted : user_pref("CT2206084.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2206084.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2206084.UserID", "UN84885645598895223");
Deleted : user_pref("CT2206084.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2206084.WeatherNetwork", "");
Deleted : user_pref("CT2206084.WeatherPollDate", "Sun Aug 08 2010 21:15:27 GMT+0200");
Deleted : user_pref("CT2206084.WeatherUnit", "C");
Deleted : user_pref("CT2206084.alertChannelId", "604380");
Deleted : user_pref("CT2206084.clientLogIsEnabled", true);
Deleted : user_pref("CT2206084.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2206084.myStuffEnabled", true);
Deleted : user_pref("CT2206084.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2206084.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2206084.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2206084.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2206084.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2613550.CTID", "ct2613550");
Deleted : user_pref("CT2613550.CurrentServerDate", "3-8-2010");
Deleted : user_pref("CT2613550.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2613550.DownloadReferralCookieData", "");
Deleted : user_pref("CT2613550.EMailNotifierPollDate", "Tue Aug 03 2010 15:50:52 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517549", "Tue Aug 03 2010 15:10:50 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517555", "Tue Aug 03 2010 15:10:50 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517561", "Tue Aug 03 2010 15:10:50 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517567", "Tue Aug 03 2010 15:10:50 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517573", "Tue Aug 03 2010 15:10:50 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517579", "Tue Aug 03 2010 15:10:50 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517585", "Tue Aug 03 2010 15:10:50 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517591", "Tue Aug 03 2010 15:10:50 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517597", "Tue Aug 03 2010 15:10:51 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517603", "Tue Aug 03 2010 15:10:51 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517609", "Tue Aug 03 2010 15:10:51 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517615", "Tue Aug 03 2010 15:10:51 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517621", "Tue Aug 03 2010 15:10:51 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517627", "Tue Aug 03 2010 15:10:51 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517633", "Tue Aug 03 2010 15:10:51 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517639", "Tue Aug 03 2010 15:10:51 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129249153475517645", "Tue Aug 03 2010 15:10:52 GMT+0200");
Deleted : user_pref("CT2613550.FeedTTL129249153475517561", 5);
Deleted : user_pref("CT2613550.FeedTTL129249153475517567", 5);
Deleted : user_pref("CT2613550.FeedTTL129249153475517591", 2);
Deleted : user_pref("CT2613550.FeedTTL129249153475517621", 5);
Deleted : user_pref("CT2613550.FeedTTL129249153475517633", 30);
Deleted : user_pref("CT2613550.FirstServerDate", "3-8-2010");
Deleted : user_pref("CT2613550.FirstTime", true);
Deleted : user_pref("CT2613550.FirstTimeFF3", true);
Deleted : user_pref("CT2613550.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2613550.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2613550.Initialize", true);
Deleted : user_pref("CT2613550.InitializeCommonPrefs", true);
Deleted : user_pref("CT2613550.InstallationAndCookieDataSentCount", 2);
Deleted : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2613550.InstalledDate", "Tue Aug 03 2010 15:10:45 GMT+0200");
Deleted : user_pref("CT2613550.IsGrouping", false);
Deleted : user_pref("CT2613550.IsMulticommunity", false);
Deleted : user_pref("CT2613550.IsOpenThankYouPage", false);
Deleted : user_pref("CT2613550.IsOpenUninstallPage", true);
Deleted : user_pref("CT2613550.LanguagePackLastCheckTime", "Tue Aug 03 2010 15:10:51 GMT+0200");
Deleted : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2613550.LastLogin_2.6.0.15", "Tue Aug 03 2010 15:10:50 GMT+0200");
Deleted : user_pref("CT2613550.LatestVersion", "2.7.1.3");
Deleted : user_pref("CT2613550.Locale", "de-de");
Deleted : user_pref("CT2613550.LoginCache", 4);
Deleted : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2613550.RadioIsPodcast", false);
Deleted : user_pref("CT2613550.RadioMediaID", "8546");
Deleted : user_pref("CT2613550.RadioMediaType", "Media Player");
Deleted : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546");
Deleted : user_pref("CT2613550.RadioStationName", "Radio%208");
Deleted : user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u");
Deleted : user_pref("CT2613550.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Deleted : user_pref("CT2613550.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2613550.SettingsLastCheckTime", "Tue Aug 03 2010 15:10:44 GMT+0200");
Deleted : user_pref("CT2613550.SettingsLastUpdate", "1280441747");
Deleted : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Tue Aug 03 2010 15:10:44 GMT+0200");
Deleted : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2613550.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2613550.UserID", "UN26113560332241326");
Deleted : user_pref("CT2613550.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2613550.WeatherNetwork", "");
Deleted : user_pref("CT2613550.WeatherPollDate", "Tue Aug 03 2010 15:40:51 GMT+0200");
Deleted : user_pref("CT2613550.WeatherUnit", "C");
Deleted : user_pref("CT2613550.alertChannelId", "1006347");
Deleted : user_pref("CT2613550.clientLogIsEnabled", true);
Deleted : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2613550.components.1000082", true);
Deleted : user_pref("CT2613550.components.1000234", true);
Deleted : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 344);
Deleted : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2613550.ct2613550.InvalidateCache", false);
Deleted : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Tue Aug 03 2010 15:10:51 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.Locale", "de-de");
Deleted : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Tue Aug 03 2010 15:10:51 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Deleted : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Tue Aug 03 2010 15:10:50 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Tue Aug 03 2010 15:10:49 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1280441747");
Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Tue Aug 03 2010 15:10:49 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2613550.myStuffEnabled", true);
Deleted : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2613550,CT2206084,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550,CT2206084");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Apr 03 2011 10:51:13 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Apr 16 2011 22:31:09 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 29 2011 23:23:00 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "b7464808-3905-41ed-a65e-88569191bdca");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Aug 03 2010 15:10:51 GMT+0200");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2206084");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 23 2011 21:31:19 GMT+0200");
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Apr 16 2011 21:35:23 GMT+0200");
Deleted : user_pref("ConduitEngine.FirstServerDate", "04/03/2011 11");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Sun Apr 03 2011 10:51:14 GMT+0200");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Apr 16 2011 22:31:02 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun Apr 17 2011 16:52:47 GMT+0200");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Apr 17 2011 16:52:47 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN08847629811459246");
Deleted : user_pref("ConduitEngine.approveUntrustedApps", true);
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Apr 16 2011 22:31:02 GMT+0200");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Apr 17 2011 16:52:47 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.isDetectionEnabled", false);
Deleted : user_pref("ConduitEngine.usageEnabled", false);
Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Deleted : user_pref("browser.search.defaultengine", "Web Search");
Deleted : user_pref("browser.search.defaultenginename", "Search the web");
Deleted : user_pref("browser.search.defaultthis.engineName", "Softonic Deutsch FF Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&Sea[...]
Deleted : user_pref("browser.search.order.1", "Search the web");
Deleted : user_pref("browser.search.selectedEngine", "Search the web");
Deleted : user_pref("extensions.ui.lastCategory", "addons://search/softonic");
Deleted : user_pref("vshare.install.date", "1285027200000");
Deleted : user_pref("vshare.install.finished", "1.0.0");
Deleted : user_pref("vshare.install.guid", "{3242449c-491a-4177-92d1-eb948bf836c1}");
Deleted : user_pref("vshare.install.isHidden", true);
Deleted : user_pref("vshare.install.laststatreq", "1309392000000");
Deleted : user_pref("vshare.install.newtab", false);

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Max Mustermann\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :       "keyword": "startsear.ch",
Deleted :       "name": "Web Search",
Deleted :       "search_url": "hxxp://startsear.ch/?aff=1&q={searchTerms}",
Deleted :                "description": "vshare.tv plugin",
Deleted :                "name": "vshare plugin",
Deleted :                   "path": "chvsharetvplg.dll",
Deleted :    "homepage": "hxxp://startsear.ch/?aff=1&cf=f647fce0-d0b0-11e0-a2cd-002185df9aff",

*************************

AdwCleaner[R1].txt - [27557 octets] - [12/07/2012 21:15:50]
AdwCleaner[S1].txt - [28264 octets] - [12/07/2012 23:09:37]

########## EOF - C:\AdwCleaner[S1].txt - [28393 octets] ##########
         

13.07.2012, 14:20   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the "Scan All Users" checkbox at the top centre
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


14.07.2012, 19:02   #11
montyburns
 



Hi and thanks,

below is the log from OTL.

Best regards

OTL Logfile:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 14.07.2012 17:57:04 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Max Mustermann\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 51,17% Memory free
6,21 Gb Paging File | 4,72 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,56 Gb Total Space | 128,70 Gb Free Space | 46,20% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 9,69 Gb Free Space | 49,66% Space Free | Partition Type: FAT32
 
Computer Name: MaxMustermann-PC | User Name: Max Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.14 17:54:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Max Mustermann\Downloads\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Max Mustermann\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.12 09:47:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.12 09:47:31 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.12 09:47:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.12 09:47:31 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.12 09:47:30 | 000,613,328 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\update.exe
PRC - [2012.05.12 09:47:30 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.31 12:57:56 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2009.06.22 15:21:58 | 000,304,592 | ---- | M] () -- C:\Program Files\XSManager\WTGService.exe
PRC - [2009.06.17 12:28:46 | 000,157,968 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2009.06.17 12:28:08 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.06 17:18:52 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.28 17:49:36 | 000,368,640 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\MFServices.exe
PRC - [2008.03.20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.08.12 22:49:50 | 000,073,728 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\MFPrintServer.exe
PRC - [2007.06.11 06:30:58 | 000,012,288 | ---- | M] () -- C:\Windows\System32\MF2GDIPO.EXE
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2005.10.10 13:16:48 | 000,057,344 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE3.0\opwareSE3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.03.28 17:49:36 | 000,368,640 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\MFServices.exe
MOD - [2008.03.24 14:02:44 | 000,720,896 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\Utility32U.dll
MOD - [2007.08.12 23:00:20 | 000,032,768 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\MFServiceTR29U.dll
MOD - [2007.08.12 23:00:16 | 000,356,352 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\TiffU.dll
MOD - [2007.08.12 22:59:44 | 000,135,168 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\GraphicsU.dll
MOD - [2007.08.12 22:59:36 | 000,245,760 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\ProtocolU.dll
MOD - [2007.08.12 22:58:20 | 000,086,016 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\SuStringU.dll
MOD - [2007.08.12 22:58:18 | 000,245,760 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\AdvancedU.dll
MOD - [2007.08.12 22:49:50 | 000,073,728 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\MFPrintServer.exe
MOD - [2007.08.12 22:46:44 | 000,212,992 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\SMSU.dll
MOD - [2007.08.12 22:45:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\MFServiceFOLDERu.dll
MOD - [2007.08.12 22:45:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\FAXU.dll
MOD - [2007.08.12 22:41:26 | 000,032,768 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\PrintFaxU.dll
MOD - [2007.08.12 22:41:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\Pdg32U.dll
MOD - [2007.08.12 22:41:14 | 000,053,248 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\DigitalizerU.dll
MOD - [2007.08.12 22:40:18 | 000,024,576 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\MFServiceTSU.dll
MOD - [2007.08.12 22:40:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\MFServiceMONU.dll
MOD - [2007.08.12 22:40:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\MFServiceHTTPU.dll
MOD - [2007.08.12 22:40:06 | 000,061,440 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\MFServiceAPIU.dll
MOD - [2007.08.12 22:39:50 | 000,503,808 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\PlugInU.dll
MOD - [2007.08.12 22:39:20 | 000,139,264 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\DeviceU.dll
MOD - [2007.08.12 22:39:12 | 000,143,360 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\HAL\XMLDIUSBU.dll
MOD - [2007.08.12 22:39:04 | 000,172,032 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\HAL\XMLDILANU.dll
MOD - [2007.08.12 22:38:58 | 000,028,672 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\HTTPClientU.dll
MOD - [2007.08.12 22:38:52 | 000,053,248 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\SMTPServerU.dll
MOD - [2007.08.12 22:38:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\SMTPClientU.dll
MOD - [2007.08.12 22:38:44 | 000,065,536 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\MFMimeParserU.dll
MOD - [2007.08.12 22:38:30 | 000,368,640 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\AddressBookU.dll
MOD - [2007.08.12 22:38:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\ComponentsU.dll
MOD - [2007.08.12 22:37:46 | 000,417,792 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\ControlsU.dll
MOD - [2007.08.12 22:37:22 | 000,118,784 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\RouterU.dll
MOD - [2007.04.18 01:22:04 | 000,069,632 | ---- | M] () -- C:\Program Files\Companion Suite Pro LM2\QTrace.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\System Control Manager\edd.exe -- (NishService)
SRV - [2012.07.12 16:23:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.01 20:30:43 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.12 09:47:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.12 09:47:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.31 12:57:56 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010.09.01 16:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009.11.04 23:39:49 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.22 15:21:58 | 000,304,592 | ---- | M] () [Auto | Running] -- C:\Program Files\XSManager\WTGService.exe -- (WTGService)
SRV - [2009.06.17 12:28:08 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.12 09:47:32 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.12 09:47:32 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.12.31 12:48:26 | 000,234,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.12.30 13:19:46 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.12.30 13:19:46 | 000,051,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2010.12.30 13:19:46 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2010.12.30 13:19:44 | 000,085,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2010.12.30 13:19:38 | 000,191,872 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.12.30 13:19:32 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.26 19:28:34 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009.08.26 19:28:34 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.10.31 16:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2008.10.21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.09.09 11:58:32 | 000,099,216 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 16:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.01 07:56:48 | 000,160,816 | ---- | M] (Auerswald GmbH & Co.KG                         ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\auusb.sys -- (auusb)
DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.08.11 22:55:10 | 000,061,820 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\MF2NT.sys -- (mf2nt)
DRV - [2007.03.20 10:45:08 | 000,010,368 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MF2ACT.sys -- (MF2ACT)
DRV - [2007.01.08 23:18:28 | 000,031,879 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XMLDIUSB.sys -- (XMLDIUSB)
DRV - [2006.11.22 09:52:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2004.08.11 15:39:38 | 000,041,984 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKLM\..\SearchScopes\{7EBD9636-F36B-41BC-A060-D4D0646BCEED}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000\..\SearchScopes\{2DCD9DE6-1927-470C-84D5-5E6A1170B84C}: "URL" = hxxp://isearch.avg.com/search?cid={D05D0837-2D29-4360-87B0-217D7EF21302}&mid=f139b939c46647d18d88d168c33b730c-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=tg025&pr=sa&d=2011-08-29 18:26:45&v=8.0.0.33&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000\..\SearchScopes\{7EBD9636-F36B-41BC-A060-D4D0646BCEED}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de/news"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:3.3.3.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 17:48:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.01 20:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.12 23:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.06 23:21:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.01 20:30:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.12 23:09:51 | 000,000,000 | ---D | M]
 
[2010.01.21 19:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Extensions
[2010.01.21 19:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.04 22:29:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions
[2012.07.04 22:29:09 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.05.30 20:56:52 | 000,000,000 | ---D | M] (ST Deutsch FF Community Toolbar) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.04.20 21:02:37 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\firefox@tvunetworks.com
[2011.06.30 21:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\nostmp
[2010.09.21 20:52:10 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\vshare@toolbar
[2011.12.17 17:44:37 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\welcome@toolmin.com
[2011.12.11 17:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.30 13:33:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.12.17 17:48:31 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.05.18 18:59:09 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\Max Mustermann\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6BXS5B0K.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.04.19 13:40:22 | 000,159,573 | ---- | M] () (No name found) -- C:\USERS\Max Mustermann\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6BXS5B0K.DEFAULT\EXTENSIONS\RAISMTH@MITM.RC.XPI
[2012.07.01 20:30:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.01 20:30:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.01 20:30:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.01 20:30:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.01 20:30:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.17 17:44:37 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012.07.01 20:30:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.01 20:30:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: YouTube = C:\Users\Max Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Max Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Max Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Max Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Max Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MFPrintServer_Pro_LM] C:\Program Files\Companion Suite Pro LM2\MFPrintServer.exe ()
O4 - HKLM..\Run: [MFServices_Pro_LM] C:\Program Files\Companion Suite Pro LM2\MFServices.exe ()
O4 - HKLM..\Run: [OpwareSE3] C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000..\Run: [Exezyskana] C:\Users\Max Mustermann\AppData\Roaming\Ereta\ifmuu.exe ()
O4 - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Max Mustermann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A9D9770-C9DF-4C3F-8669-70E2C8C4A68C}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F22CC12-DD96-46EA-BECD-ED5CF7706407}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B47870DF-FD61-4EFE-B244-F4ADDAE6A5C6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCBDB893-30F7-4257-97D9-A4522FF7EB32}: DhcpNameServer = 212.166.132.109 212.73.32.67
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{37dafd11-67ee-11df-aa17-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{37dafd11-67ee-11df-aa17-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{37dafd3d-67ee-11df-aa17-00224315d19b}\Shell - "" = AutoRun
O33 - MountPoints2\{37dafd3d-67ee-11df-aa17-00224315d19b}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{3cbbd917-b2f8-11e0-946f-002185df9aff}\Shell - "" = AutoRun
O33 - MountPoints2\{3cbbd917-b2f8-11e0-946f-002185df9aff}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4ccd9742-ff97-11de-a160-002185df9aff}\Shell - "" = AutoRun
O33 - MountPoints2\{4ccd9742-ff97-11de-a160-002185df9aff}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{94f43cc8-b2f6-11e0-828d-00224315d19b}\Shell - "" = AutoRun
O33 - MountPoints2\{94f43cc8-b2f6-11e0-828d-00224315d19b}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cf29e988-cf04-11e0-ba19-002185df9aff}\Shell - "" = AutoRun
O33 - MountPoints2\{cf29e988-cf04-11e0-ba19-002185df9aff}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d6e0570f-3beb-11df-8aa7-002185df9aff}\Shell - "" = AutoRun
O33 - MountPoints2\{d6e0570f-3beb-11df-8aa7-002185df9aff}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EB334411-C9DB-14BC-63A6-11D01DD460F4} - Adobe Shockwave Director 11.0
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.12 23:39:24 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Roaming\Ahabg
[2012.07.12 23:39:23 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Roaming\Orabli
[2012.07.12 23:39:23 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Roaming\Ereta
[2012.07.04 22:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.27 18:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\fcrjnefwpxjskbb
[2012.06.24 08:36:25 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\Macromedia
[2010.12.27 18:59:33 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe1E1C.dll
[2009.11.26 19:10:53 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe25E7.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.14 18:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.07.14 17:56:59 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.14 17:56:59 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.14 17:56:59 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.14 17:56:59 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.14 17:54:51 | 000,000,897 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\OTL - Verknüpfung.lnk
[2012.07.14 17:51:52 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.14 17:50:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 17:50:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 17:50:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 17:50:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.14 17:49:58 | 3212,087,296 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 00:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.12 23:09:19 | 000,000,938 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\adwcleaner - Verknüpfung.lnk
[2012.07.12 21:24:33 | 000,002,591 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Microsoft Office Word 2007.lnk
[2012.06.28 23:50:59 | 000,314,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.27 21:40:07 | 000,002,497 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\HiJackThis.lnk
[2012.06.27 19:33:13 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.27 19:16:10 | 000,000,680 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Local\d3d9caps.dat
[2012.06.27 18:24:31 | 000,000,052 | ---- | M] () -- C:\ProgramData\lsvukeynxhvxwlp
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.14 17:54:51 | 000,000,897 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\OTL - Verknüpfung.lnk
[2012.07.12 23:09:19 | 000,000,938 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\adwcleaner - Verknüpfung.lnk
[2012.06.28 23:50:19 | 3212,087,296 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.27 19:33:13 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.27 18:24:24 | 000,000,052 | ---- | C] () -- C:\ProgramData\lsvukeynxhvxwlp
[2011.07.29 12:12:03 | 000,000,000 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\{8511E44F-63D3-4167-96C6-5CC9C54242AB}
[2011.04.12 23:07:50 | 000,200,704 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2011.04.12 23:07:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\W2KUSBIF.DLL
[2011.04.12 23:07:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\spusbif.dll
[2011.04.12 23:07:50 | 000,001,593 | ---- | C] () -- C:\Windows\System32\portex16.dll
[2010.12.31 12:48:56 | 000,208,552 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010.11.28 15:55:11 | 000,000,680 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\d3d9caps.dat
[2010.08.08 16:03:55 | 000,000,218 | ---- | C] () -- C:\Users\Max Mustermann\.recently-used.xbel
[2010.08.08 13:18:47 | 000,000,047 | ---- | C] () -- C:\Users\Max Mustermann\.gtk-bookmarks
[2009.09.03 23:44:20 | 000,001,028 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\WavCodec.wff
[2009.07.19 13:29:43 | 000,025,600 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.14 17:16:47 | 000,000,600 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\PUTTY.RND
[2009.05.18 16:58:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.27 17:16:09 | 000,000,000 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\wklnhst.dat
 
========== LOP Check ==========
 
[2012.07.12 23:39:24 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Ahabg
[2010.07.08 08:56:17 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\CheckPoint
[2011.02.23 22:18:20 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Crtvis
[2012.07.14 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Dropbox
[2012.07.12 23:39:23 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Ereta
[2011.06.30 23:43:55 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\FileZilla
[2010.03.23 00:03:10 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\FireShot
[2010.08.08 13:19:01 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\gtk-2.0
[2009.07.12 14:56:59 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\ICQ
[2010.08.05 17:11:42 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\iView
[2011.09.07 07:59:42 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Msnet
[2009.09.03 23:13:49 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\NCH Swift Sound
[2012.07.13 00:07:04 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Orabli
[2009.09.03 21:18:28 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\phonostar-Player
[2010.08.08 10:19:57 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\RawTherapeeAlpha
[2009.08.12 12:47:05 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\ScanSoft
[2009.09.01 18:46:18 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\SecondLife
[2009.08.26 20:26:17 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Sony
[2010.01.21 19:14:11 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Thunderbird
[2012.01.10 21:37:20 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\toolplugin
[2010.07.08 08:15:57 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Uniblue
[2011.07.20 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Vodafone
[2010.08.16 19:25:04 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\XSManager
[2012.07.13 00:41:12 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.14 18:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.05 17:11:26 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Adobe
[2012.07.12 23:39:24 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Ahabg
[2012.03.14 16:53:44 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Apple Computer
[2011.11.24 23:25:17 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Avira
[2010.07.08 08:56:17 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\CheckPoint
[2010.06.03 16:18:06 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Corel
[2011.02.23 22:18:20 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Crtvis
[2011.01.09 20:35:39 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\CyberLink
[2012.01.05 22:51:41 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\DivX
[2012.07.14 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Dropbox
[2012.07.12 23:39:23 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Ereta
[2009.11.23 21:35:37 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\FastStone
[2011.06.30 23:43:55 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\FileZilla
[2010.03.23 00:03:10 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\FireShot
[2011.07.20 20:01:53 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\FLEXnet
[2009.04.27 19:05:53 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Google
[2010.08.08 13:19:01 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\gtk-2.0
[2009.07.12 14:56:59 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\ICQ
[2009.04.27 17:10:32 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Identities
[2009.12.26 23:40:24 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\InstallShield
[2010.08.05 17:11:42 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\iView
[2009.04.30 15:55:48 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Macromedia
[2010.07.08 08:24:06 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Media Center Programs
[2012.06.24 08:36:25 | 000,000,000 | --SD | M] -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft
[2009.05.11 19:06:52 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Mozilla
[2011.09.07 07:59:42 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Msnet
[2009.09.03 23:13:49 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\NCH Swift Sound
[2010.08.05 16:56:57 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Nero
[2012.07.13 00:07:04 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Orabli
[2009.09.03 21:18:28 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\phonostar-Player
[2010.08.08 10:19:57 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\RawTherapeeAlpha
[2009.08.12 12:47:05 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\ScanSoft
[2009.09.01 18:46:18 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\SecondLife
[2012.03.29 21:56:35 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Skype
[2012.03.29 21:54:46 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\skypePM
[2009.08.26 20:26:17 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Sony
[2009.06.25 23:17:28 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Talkback
[2010.01.21 19:14:11 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Thunderbird
[2012.01.10 21:37:20 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\toolplugin
[2010.07.08 08:15:57 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Uniblue
[2011.07.20 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Vodafone
[2009.06.25 23:31:17 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\WinRAR
[2010.08.16 19:25:04 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\XSManager
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Max Mustermann\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Max Mustermann\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Max Mustermann\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.02.15 19:14:35 | 000,152,064 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Ereta\ifmuu.exe
[2010.11.28 16:56:53 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2012.06.22 14:07:16 | 000,060,824 | ---- | M] (getfireshot.com) -- C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\crashreporter.exe
[2012.06.22 14:07:14 | 000,145,816 | ---- | M] (getfireshot.com) -- C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe
[2012.06.22 14:06:54 | 000,074,648 | ---- | M] (getfireshot.com) -- C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe
[2010.09.01 16:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:47 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< End of report >
         
[/code]

There was also an "Extras.Txt":

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 14.07.2012 17:57:04 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Max Mustermann\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 51,17% Memory free
6,21 Gb Paging File | 4,72 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,56 Gb Total Space | 128,70 Gb Free Space | 46,20% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 9,69 Gb Free Space | 49,66% Space Free | Partition Type: FAT32
 
Computer Name: MaxMustermann-PC | User Name: Max Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1911406567-2329552222-4229325174-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027E104C-1093-47E9-A7B8-9ABE0EA5D9ED}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3C42A060-4371-4CD4-B497-5BE246375EB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3E446952-7A83-4493-A798-395F33C7A985}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4ECE95BF-C456-48B3-932E-AEE12EAEF5CD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5FFF5452-5490-48C8-BD87-551BD05EF432}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6130AC7B-D7B0-46D2-93E0-23F7A349E565}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{614728C3-FEC0-4233-BD10-BF3C52008660}" = lport=445 | protocol=6 | dir=in | app=system | 
"{63217BC4-1D91-4CBC-B317-3526E00669BC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{80988EF1-A704-4B10-BAAB-CBDCEB504596}" = rport=137 | protocol=17 | dir=out | app=system | 
"{82480774-D58C-43AE-9CC6-61DE1E8D3CAE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{833743FA-3FA3-4719-8137-E27E580D05D0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9AE99CF3-A550-437F-86A0-821CEAEA3BB0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A4E51561-21DA-4432-A113-BDCF5E54EE1C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A6E9D04E-1AB4-4A26-955F-6421006B1CDD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B028BB81-6971-498D-B9F5-102B44B1C3D6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CBE69C69-EECA-4FD7-A324-3DD6997180F2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D301B0FA-B8B1-473C-9EBC-657E45510989}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D3649324-B1E8-40EC-9C30-534FA3CF257C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F6990B08-69E8-4FF7-925C-07170459C69D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F840691B-BF8A-4A8F-876A-3755D37766A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA2CFE2-9386-41B1-9C3B-A40C3914F00F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2A78441F-1269-495F-8103-063A8AF0DDD2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{3725464A-4F61-4B0F-B6CB-FCC66DCD2150}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{378FFFF9-0E6A-42C7-8A71-218F4B41228A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3C39C23F-CC5A-4455-BFEF-D08B11FDB63A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{41B9B342-69DB-42B1-8B8E-5D38713703CE}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{486372A6-305F-4C2E-98BD-AF56F72F16E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4AE9AA1D-9695-4006-B241-034F8520C769}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4B426F60-C9CE-4CE2-962C-279BDE02A1C2}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{50FEEF14-0DCE-4B03-8DCB-8DE062D257A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5921E7B3-9037-4412-998A-D083E7E57923}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{5EDF855B-D570-41EE-A154-2CC05061773B}" = protocol=17 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6BCC0C23-AB23-4975-BE96-AE315409BCFB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{7E3345B5-DBC6-408D-A2C9-B8C87D4E7C50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8E020BEE-0A1A-4B88-AEE2-78FAFE376077}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{8E83CF4F-ABEF-481D-A130-1B0534D0EFAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8EAEDD8A-857F-467D-9D12-68AC9C48E329}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{9DB73701-DEF2-4240-943C-8F124282779A}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{A2FCFC3B-797A-4B21-BEE0-2B5EECC16D30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A75CCDEE-E081-4B57-9B3C-07E0E4325477}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C097EDAB-865E-4D2A-86A9-33D9DC7A358C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CA5314F2-4E7F-4668-ACD7-821D7CA5BE7B}" = protocol=6 | dir=in | app=c:\program files\companion suite pro lm2\mfservices.exe | 
"{E12CEF1A-FEFB-49E5-936A-BA38F29912CE}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{E785881A-03FD-49E1-B61F-9D3C6CFDA018}" = protocol=6 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F22D78C5-A6BC-4F11-B28A-AADE169C78C8}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{FBC5C25E-0B77-4DC0-9FDD-59DF8F8421AE}" = protocol=17 | dir=in | app=c:\program files\companion suite pro lm2\mfservices.exe | 
"{FF80CD5A-6170-45DE-B8F4-FC6D3FE17F5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{1C0179A0-11F0-45D6-B209-7BB9C7CF8BF0}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{389BD513-A067-462E-8E12-7D8F5121860C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{625EAF74-0950-4D9F-B42B-A8F574AE7A44}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe | 
"TCP Query User{6390308E-E19C-46CE-B119-BE31C6B5A24A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{7D85855B-FD27-4713-9BEF-96465C490E22}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{8307E40D-9A98-49B9-BEF6-572FCD88A88A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{A350ADAC-BBCF-455D-A8B3-11655AA22C15}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{CD556F3B-76F1-4C7B-8EE4-C3F363CB92F6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{D4954BE8-776F-4425-A690-136C588CCA07}C:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{DADA446D-765E-462A-A8A0-348DA97B5250}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"UDP Query User{2A72FC54-DA08-41A9-9861-3893EA9BE517}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{36E4853E-13C3-4B7A-A665-10E5FD9CEA87}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{53BED480-2379-4476-9532-7C23A37E8137}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{56610E76-7CAE-4C67-B641-A95BBC02E492}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{7C4D38F5-D0FE-468B-8E17-0638DEB4B213}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{82C93E1D-5EC2-4082-94AB-A6B6FC007FA3}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{882859B0-1823-4A81-81EA-062B395BE651}C:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8E552639-918A-4C16-A77F-9F61B0BDC8ED}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe | 
"UDP Query User{9C8BA727-F2EE-417B-B6DC-C2FE216D2237}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{CB0EB1CC-7DFE-46AE-8DBA-DF41032894E6}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{48AB06FF-059D-43DE-ACC1-15920D5A7FF2}" = JRE 1.4.2
"{4AA863D0-EC08-415B-B4AF-FD0A9DFC8C91}" = ScanSoft PaperPort 10
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC60D4B-C688-4646-A1FC-730BE6DD5E9D}" = Companion Suite Pro LM2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C095AB64-EF16-4636-9A78-5E72C3DC3173}" = Auerswald COMset 2.6.29
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D41A58D3-DF92-428E-BD8F-771853277E3F}" = ScanSoft OmniPage SE 3.0
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{FB838FDB-0C2D-44EC-8C40-F69C5CDABFCC}" = Samsung SCX-4100 Series - TWAIN
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"FileZilla Client" = FileZilla Client 3.2.6.1
"FormatFactory" = FormatFactory 2.45
"Google Chrome" = Google Chrome
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.5
"Samsung SCX-4100 Series" = Samsung SCX-4100 Series
"SecondLife" = SecondLife (remove only)
"Security Task Manager" = Security Task Manager 1.8d
"Switch" = Switch Sound File Converter
"toolplugin" = toolplugin
"Trillian" = Trillian
"Update Service" = Update Service
"Veetle TV" = Veetle TV 0.9.18
"vShare.tv plugin" = vShare.tv plugin 1.3
"WavePad" = WavePad Sound Editor
"WinRAR archiver" = WinRAR
"XSManager" = XSManager
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1911406567-2329552222-4229325174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.07.2012 12:21:01 | Computer Name = MaxMustermann-PC | Source = Windows Search Service | ID = 3032
Description = 
 
Error - 14.07.2012 12:21:03 | Computer Name = MaxMustermann-PC | Source = Windows Search Service | ID = 3032
Description = 
 
Error - 14.07.2012 12:21:04 | Computer Name = MaxMustermann-PC | Source = Windows Search Service | ID = 3032
Description = 
 
Error - 14.07.2012 12:21:05 | Computer Name = MaxMustermann-PC | Source = Windows Search Service | ID = 3032
Description = 
 
Error - 14.07.2012 12:21:06 | Computer Name = MaxMustermann-PC | Source = Windows Search Service | ID = 3032
Description = 
 
Error - 14.07.2012 12:21:08 | Computer Name = MaxMustermann-PC | Source = Windows Search Service | ID = 3032
Description = 
 
Error - 14.07.2012 12:21:09 | Computer Name = MaxMustermann-PC | Source = Windows Search Service | ID = 3032
Description = 
 
Error - 14.07.2012 12:21:11 | Computer Name = MaxMustermann-PC | Source = Windows Search Service | ID = 3032
Description = 
 
Error - 14.07.2012 12:21:11 | Computer Name = MaxMustermann-PC | Source = Windows Search Service | ID = 3032
Description = 
 
Error - 14.07.2012 12:21:13 | Computer Name = MaxMustermann-PC | Source = Windows Search Service | ID = 3032
Description = 
 
[ System Events ]
Error - 12.07.2012 10:21:34 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.07.2012 14:37:33 | Computer Name = MaxMustermann-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 12.07.2012 14:39:09 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.07.2012 14:39:09 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.07.2012 17:11:18 | Computer Name = MaxMustermann-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 12.07.2012 17:12:52 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.07.2012 17:12:52 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.07.2012 11:50:06 | Computer Name = MaxMustermann-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 14.07.2012 11:51:40 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.07.2012 11:51:40 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

[/code]

Alt 14.07.2012, 22:57   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, disable the virus scanner too (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the obscured part back into your real user name, otherwise the script will not work!!

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
[2010.09.21 20:52:10 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\vshare@toolbar
[2011.12.17 17:44:37 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\welcome@toolmin.com
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-1911406567-2329552222-4229325174-1000..\Run: [Exezyskana] C:\Users\Max Mustermann\AppData\Roaming\Ereta\ifmuu.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{37dafd11-67ee-11df-aa17-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{37dafd11-67ee-11df-aa17-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{37dafd3d-67ee-11df-aa17-00224315d19b}\Shell - "" = AutoRun
O33 - MountPoints2\{37dafd3d-67ee-11df-aa17-00224315d19b}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{3cbbd917-b2f8-11e0-946f-002185df9aff}\Shell - "" = AutoRun
O33 - MountPoints2\{3cbbd917-b2f8-11e0-946f-002185df9aff}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4ccd9742-ff97-11de-a160-002185df9aff}\Shell - "" = AutoRun
O33 - MountPoints2\{4ccd9742-ff97-11de-a160-002185df9aff}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{94f43cc8-b2f6-11e0-828d-00224315d19b}\Shell - "" = AutoRun
O33 - MountPoints2\{94f43cc8-b2f6-11e0-828d-00224315d19b}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cf29e988-cf04-11e0-ba19-002185df9aff}\Shell - "" = AutoRun
O33 - MountPoints2\{cf29e988-cf04-11e0-ba19-002185df9aff}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d6e0570f-3beb-11df-8aa7-002185df9aff}\Shell - "" = AutoRun
O33 - MountPoints2\{d6e0570f-3beb-11df-8aa7-002185df9aff}\Shell\AutoRun\command - "" = F:\autorun.exe
:Files
C:\Users\Max Mustermann\AppData\Roaming\Ahabg
C:\Users\Max Mustermann\AppData\Roaming\OrabliC:\Users\Max Mustermann\AppData\Roaming\Ereta
C:\Users\Max Mustermann\AppData\Roaming\Ereta
C:\ProgramData\fcrjnefwpxjskbb
C:\ProgramData\lsvukeynxhvxwlp
C:\Users\Max Mustermann\AppData\Roaming\CheckPoint
C:\Users\Max Mustermann\AppData\Roaming\toolplugin
C:\Users\Max Mustermann\AppData\Roaming\Uniblue
C:\Users\Max Mustermann\Downloads\registrybooster.exe
C:\Users\Max Mustermann\Downloads\Softonic*
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 15.07.2012, 11:59   #13
montyburns
 

Hello,

I have now carried out the OTL fix as described. The log is below.

Best regards

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1911406567-2329552222-4229325174-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\vshare@toolbar\META-INF folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\vshare@toolbar folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\welcome@toolmin.com\chrome\content folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\welcome@toolmin.com\chrome folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6bxs5b0k.default\extensions\welcome@toolmin.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1911406567-2329552222-4229325174-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Exezyskana deleted successfully.
C:\Users\Max Mustermann\AppData\Roaming\Ereta\ifmuu.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37dafd11-67ee-11df-aa17-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37dafd11-67ee-11df-aa17-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37dafd11-67ee-11df-aa17-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37dafd11-67ee-11df-aa17-806e6f6e6963}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37dafd3d-67ee-11df-aa17-00224315d19b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37dafd3d-67ee-11df-aa17-00224315d19b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37dafd3d-67ee-11df-aa17-00224315d19b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37dafd3d-67ee-11df-aa17-00224315d19b}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cbbd917-b2f8-11e0-946f-002185df9aff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cbbd917-b2f8-11e0-946f-002185df9aff}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cbbd917-b2f8-11e0-946f-002185df9aff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cbbd917-b2f8-11e0-946f-002185df9aff}\ not found.
File F:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ccd9742-ff97-11de-a160-002185df9aff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ccd9742-ff97-11de-a160-002185df9aff}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ccd9742-ff97-11de-a160-002185df9aff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ccd9742-ff97-11de-a160-002185df9aff}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f43cc8-b2f6-11e0-828d-00224315d19b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f43cc8-b2f6-11e0-828d-00224315d19b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f43cc8-b2f6-11e0-828d-00224315d19b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f43cc8-b2f6-11e0-828d-00224315d19b}\ not found.
File F:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf29e988-cf04-11e0-ba19-002185df9aff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf29e988-cf04-11e0-ba19-002185df9aff}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf29e988-cf04-11e0-ba19-002185df9aff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf29e988-cf04-11e0-ba19-002185df9aff}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6e0570f-3beb-11df-8aa7-002185df9aff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6e0570f-3beb-11df-8aa7-002185df9aff}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6e0570f-3beb-11df-8aa7-002185df9aff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6e0570f-3beb-11df-8aa7-002185df9aff}\ not found.
File F:\autorun.exe not found.
========== FILES ==========
C:\Users\Max Mustermann\AppData\Roaming\Ahabg folder moved successfully.
File\Folder C:\Users\Max Mustermann\AppData\Roaming\OrabliC:\Users\Max Mustermann\AppData\Roaming\Ereta not found.
C:\Users\Max Mustermann\AppData\Roaming\Ereta folder moved successfully.
C:\ProgramData\fcrjnefwpxjskbb folder moved successfully.
C:\ProgramData\lsvukeynxhvxwlp moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\TrustChecker folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\PTPCACHE folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\CheckPoint folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\toolplugin folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\Uniblue folder moved successfully.
C:\Users\Max Mustermann\Downloads\registrybooster.exe moved successfully.
File\Folder C:\Users\Max Mustermann\Downloads\Softonic* not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
 
User: Public
 
User: Max Mustermann
->Temp folder emptied: 122461045 bytes
->Java cache emptied: 13272016 bytes
->FireFox cache emptied: 57761849 bytes
->Google Chrome cache emptied: 7935103 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 506 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401397910 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 112800009 bytes
RecycleBin emptied: 112928142 bytes
 
Total Files Cleaned = 790,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Max Mustermann
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07152012_114655

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
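
Added example (not part of the original posts and not OTL's own code): a short Python triage of the fix log above that tallies outcomes per section and, for any "not found" target in the FILES section that contains two drive roots, reports the part that no other log line shows as moved. The function names are hypothetical; the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter

# Section headers look like "========== FILES ==========".
SECTION = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")

# Outcome phrases exactly as they appear in the fix log quoted in this thread.
OUTCOMES = [
    ("not_found", re.compile(
        r"^(?:Registry key |File\\Folder |File )(?P<target>.+?) not found\.$")),
    ("deleted", re.compile(
        r"^Registry (?:key|value) (?P<target>.+?) deleted successfully\.$")),
    ("moved", re.compile(
        r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
]

# Zero-width match in front of every drive root such as "C:\".
DRIVE_ROOT = re.compile(r"(?=[A-Za-z]:\\)")

# Excerpt copied from the fix log posted in this thread.
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1911406567-2329552222-4229325174-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Exezyskana deleted successfully.
C:\Users\Max Mustermann\AppData\Roaming\Ereta\ifmuu.exe moved successfully.
File F:\setup.exe not found.
========== FILES ==========
C:\Users\Max Mustermann\AppData\Roaming\Ahabg folder moved successfully.
File\Folder C:\Users\Max Mustermann\AppData\Roaming\OrabliC:\Users\Max Mustermann\AppData\Roaming\Ereta not found.
C:\Users\Max Mustermann\AppData\Roaming\Ereta folder moved successfully.
C:\ProgramData\lsvukeynxhvxwlp moved successfully.
File\Folder C:\Users\Max Mustermann\Downloads\Softonic* not found.
========== COMMANDS ==========
HOSTS file reset successfully
"""


def parse_fix_log(text):
    """Return one dict per recognised result line: section, outcome, target."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        for outcome, pattern in OUTCOMES:
            hit = pattern.match(line)
            if hit:
                entries.append({"section": section,
                                "outcome": outcome,
                                "target": hit.group("target")})
                break
    return entries


def tally(entries):
    """Count results per (section, outcome) pair."""
    return Counter((e["section"], e["outcome"]) for e in entries)


def split_fused(target):
    """Split a target that holds several absolute paths run together."""
    return [part for part in DRIVE_ROOT.split(target) if part]


def never_processed(entries):
    """Paths hidden inside a fused 'not found' target that no line reports as moved."""
    moved = {e["target"].lower() for e in entries if e["outcome"] == "moved"}
    missed = []
    for e in entries:
        if e["section"] != "FILES" or e["outcome"] != "not_found":
            continue
        parts = split_fused(e["target"])
        if len(parts) > 1:
            missed.extend(p for p in parts if p.lower() not in moved)
    return missed


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (section, outcome), count in sorted(tally(parsed).items()):
        print(f"{section:8} {outcome:10} {count}")
    for path in never_processed(parsed):
        print("listed in the script but never processed:", path)
```
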
         

Alt 15.07.2012, 18:08   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), because that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


Alt 15.07.2012, 19:35   #15
montyburns
 

Hi,

next up, below, is the log of the TDSS-Killer (there were 2 txt files).

Thanks & regards

Code:
ATTFilter
19:21:40.0334 5252	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
19:21:40.0415 5252	============================================================
19:21:40.0415 5252	Current date / time: 2012/07/15 19:21:40.0415
19:21:40.0415 5252	SystemInfo:
19:21:40.0415 5252	
19:21:40.0415 5252	OS Version: 6.0.6001 ServicePack: 1.0
19:21:40.0415 5252	Product type: Workstation
19:21:40.0415 5252	ComputerName: MaxMustermann-PC
19:21:40.0415 5252	UserName: Max Mustermann
19:21:40.0415 5252	Windows directory: C:\Windows
19:21:40.0415 5252	System windows directory: C:\Windows
19:21:40.0415 5252	Processor architecture: Intel x86
19:21:40.0415 5252	Number of processors: 2
19:21:40.0415 5252	Page size: 0x1000
19:21:40.0415 5252	Boot type: Normal boot
19:21:40.0415 5252	============================================================
19:21:42.0790 5252	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:21:42.0800 5252	============================================================
19:21:42.0800 5252	\Device\Harddisk0\DR0:
19:21:42.0800 5252	MBR partitions:
19:21:42.0800 5252	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22D1E000
19:21:42.0800 5252	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x22D1E800, BlocksNum 0x270F800
19:21:42.0800 5252	============================================================
19:21:43.0020 5252	C: <-> \Device\Harddisk0\DR0\Partition0
19:21:43.0040 5252	D: <-> \Device\Harddisk0\DR0\Partition1
19:21:43.0040 5252	============================================================
19:21:43.0040 5252	Initialize success
19:21:43.0040 5252	============================================================
19:23:06.0010 4588	============================================================
19:23:06.0010 4588	Scan started
19:23:06.0010 4588	Mode: Manual; SigCheck; TDLFS; 
19:23:06.0010 4588	============================================================
19:23:07.0227 4588	ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
19:23:07.0320 4588	ACPI - ok
19:23:07.0773 4588	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:23:07.0788 4588	AdobeFlashPlayerUpdateSvc - ok
19:23:07.0866 4588	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:23:07.0975 4588	adp94xx - ok
19:23:08.0038 4588	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:23:08.0053 4588	adpahci - ok
19:23:08.0209 4588	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:23:08.0209 4588	adpu160m - ok
19:23:08.0334 4588	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:23:08.0350 4588	adpu320 - ok
19:23:08.0412 4588	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:23:08.0537 4588	AeLookupSvc - ok
19:23:08.0662 4588	AFD             (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
19:23:08.0755 4588	AFD - ok
19:23:08.0802 4588	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:23:08.0818 4588	agp440 - ok
19:23:08.0849 4588	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:23:08.0865 4588	aic78xx - ok
19:23:08.0974 4588	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:23:09.0145 4588	ALG - ok
19:23:09.0177 4588	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:23:09.0192 4588	aliide - ok
19:23:09.0270 4588	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:23:09.0286 4588	amdagp - ok
19:23:09.0301 4588	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:23:09.0317 4588	amdide - ok
19:23:09.0364 4588	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:23:09.0411 4588	AmdK7 - ok
19:23:09.0457 4588	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:23:09.0489 4588	AmdK8 - ok
19:23:09.0754 4588	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:23:09.0769 4588	AntiVirSchedulerService - ok
19:23:09.0832 4588	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:23:09.0847 4588	AntiVirService - ok
19:23:09.0894 4588	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:23:09.0972 4588	Appinfo - ok
19:23:10.0175 4588	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:23:10.0175 4588	Apple Mobile Device - ok
19:23:10.0206 4588	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:23:10.0222 4588	arc - ok
19:23:10.0269 4588	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:23:10.0269 4588	arcsas - ok
19:23:10.0331 4588	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:23:10.0378 4588	AsyncMac - ok
19:23:10.0409 4588	atapi           (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
19:23:10.0425 4588	atapi - ok
19:23:10.0487 4588	AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
19:23:10.0549 4588	AudioEndpointBuilder - ok
19:23:10.0549 4588	Audiosrv        (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
19:23:10.0581 4588	Audiosrv - ok
19:23:10.0674 4588	auusb           (87046fd16fe6c0f072f4fdee3fe454b1) C:\Windows\system32\DRIVERS\auusb.sys
19:23:10.0752 4588	auusb - ok
19:23:10.0815 4588	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
19:23:10.0815 4588	avgntflt - ok
19:23:10.0877 4588	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
19:23:10.0893 4588	avipbb - ok
19:23:10.0908 4588	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
19:23:10.0924 4588	avkmgr - ok
19:23:10.0955 4588	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:23:11.0017 4588	Beep - ok
19:23:11.0189 4588	BFE             (d3e6d78285529962349a7f1617035938) C:\Windows\System32\bfe.dll
19:23:11.0236 4588	BFE - ok
19:23:11.0423 4588	BITS            (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
19:23:11.0501 4588	BITS - ok
19:23:11.0610 4588	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:23:11.0657 4588	blbdrive - ok
19:23:11.0766 4588	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:23:11.0782 4588	Bonjour Service - ok
19:23:11.0907 4588	bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
19:23:11.0938 4588	bowser - ok
19:23:11.0985 4588	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:23:12.0031 4588	BrFiltLo - ok
19:23:12.0078 4588	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:23:12.0141 4588	BrFiltUp - ok
19:23:12.0203 4588	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:23:12.0250 4588	Browser - ok
19:23:12.0343 4588	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:23:12.0531 4588	Brserid - ok
19:23:12.0655 4588	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:23:12.0718 4588	BrSerWdm - ok
19:23:12.0780 4588	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:23:12.0843 4588	BrUsbMdm - ok
19:23:12.0874 4588	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:23:12.0921 4588	BrUsbSer - ok
19:23:12.0952 4588	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:23:13.0014 4588	BTHMODEM - ok
19:23:13.0030 4588	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:23:13.0077 4588	cdfs - ok
19:23:13.0092 4588	cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
19:23:13.0139 4588	cdrom - ok
19:23:13.0201 4588	CertPropSvc     (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
19:23:13.0264 4588	CertPropSvc - ok
19:23:13.0342 4588	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:23:13.0389 4588	circlass - ok
19:23:13.0498 4588	CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
19:23:13.0513 4588	CLFS - ok
19:23:13.0732 4588	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:23:13.0747 4588	clr_optimization_v2.0.50727_32 - ok
19:23:13.0810 4588	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:23:13.0857 4588	CmBatt - ok
19:23:13.0935 4588	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:23:13.0935 4588	cmdide - ok
19:23:14.0106 4588	cmnsusbser      (675d67423980fc1784b93aa47d350a31) C:\Windows\system32\DRIVERS\cmnsusbser.sys
19:23:14.0153 4588	cmnsusbser - ok
19:23:14.0169 4588	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:23:14.0169 4588	Compbatt - ok
19:23:14.0184 4588	COMSysApp - ok
19:23:14.0184 4588	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:23:14.0200 4588	crcdisk - ok
19:23:14.0215 4588	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:23:14.0262 4588	Crusoe - ok
19:23:14.0309 4588	CryptSvc        (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
19:23:14.0356 4588	CryptSvc - ok
19:23:14.0449 4588	DcomLaunch      (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
19:23:14.0512 4588	DcomLaunch - ok
19:23:14.0652 4588	DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
19:23:14.0699 4588	DfsC - ok
19:23:14.0871 4588	DFSR            (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
19:23:15.0011 4588	DFSR - ok
19:23:15.0339 4588	DgiVecp         (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
19:23:15.0339 4588	DgiVecp ( UnsignedFile.Multi.Generic ) - warning
19:23:15.0339 4588	DgiVecp - detected UnsignedFile.Multi.Generic (1)
19:23:15.0401 4588	Dhcp            (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
19:23:15.0479 4588	Dhcp - ok
19:23:15.0510 4588	disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
19:23:15.0526 4588	disk - ok
19:23:15.0573 4588	Dnscache        (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
19:23:15.0619 4588	Dnscache - ok
19:23:15.0651 4588	dot3svc         (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
19:23:15.0697 4588	dot3svc - ok
19:23:15.0729 4588	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:23:15.0775 4588	DPS - ok
19:23:15.0822 4588	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:23:15.0853 4588	drmkaud - ok
19:23:15.0947 4588	DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
19:23:16.0041 4588	DXGKrnl - ok
19:23:16.0087 4588	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:23:16.0134 4588	E1G60 - ok
19:23:16.0181 4588	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:23:16.0212 4588	EapHost - ok
19:23:16.0259 4588	Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
19:23:16.0275 4588	Ecache - ok
19:23:16.0384 4588	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:23:16.0415 4588	ehRecvr - ok
19:23:16.0446 4588	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:23:16.0493 4588	ehSched - ok
19:23:16.0509 4588	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:23:16.0524 4588	ehstart - ok
19:23:16.0587 4588	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:23:16.0665 4588	elxstor - ok
19:23:16.0883 4588	EMDMgmt         (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
19:23:16.0945 4588	EMDMgmt - ok
19:23:16.0992 4588	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:23:17.0023 4588	ErrDev - ok
19:23:17.0086 4588	EventSystem     (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
19:23:17.0133 4588	EventSystem - ok
19:23:17.0195 4588	ewusbnet        (90a6949c19152c8706a558823eff55ef) C:\Windows\system32\DRIVERS\ewusbnet.sys
19:23:17.0273 4588	ewusbnet - ok
19:23:17.0460 4588	ew_hwusbdev     (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
19:23:17.0507 4588	ew_hwusbdev - ok
19:23:17.0538 4588	exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
19:23:17.0585 4588	exfat - ok
19:23:17.0679 4588	fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
19:23:17.0741 4588	fastfat - ok
19:23:17.0881 4588	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:23:17.0959 4588	fdc - ok
19:23:18.0100 4588	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:23:18.0209 4588	fdPHost - ok
19:23:18.0521 4588	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:23:18.0583 4588	FDResPub - ok
19:23:19.0083 4588	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:23:19.0098 4588	FileInfo - ok
19:23:19.0441 4588	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:23:19.0473 4588	Filetrace - ok
19:23:19.0863 4588	FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:23:19.0909 4588	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:23:19.0909 4588	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:23:20.0034 4588	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:23:20.0128 4588	flpydisk - ok
19:23:20.0362 4588	FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
19:23:20.0377 4588	FltMgr - ok
19:23:20.0752 4588	FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:23:20.0752 4588	FontCache3.0.0.0 - ok
19:23:20.0783 4588	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:23:20.0814 4588	Fs_Rec - ok
19:23:20.0970 4588	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:23:20.0986 4588	gagp30kx - ok
19:23:21.0033 4588	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:23:21.0048 4588	GEARAspiWDM - ok
19:23:21.0142 4588	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
19:23:21.0142 4588	ggflt - ok
19:23:21.0204 4588	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
19:23:21.0220 4588	ggsemc - ok
19:23:21.0953 4588	gpsvc           (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
19:23:22.0000 4588	gpsvc - ok
19:23:22.0265 4588	gupdate1ca5bea4aa87492 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:23:22.0281 4588	gupdate1ca5bea4aa87492 - ok
19:23:22.0281 4588	gupdatem        (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:23:22.0296 4588	gupdatem - ok
19:23:22.0374 4588	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:23:22.0452 4588	HdAudAddService - ok
19:23:22.0795 4588	HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:23:22.0827 4588	HDAudBus - ok
19:23:22.0998 4588	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:23:23.0107 4588	HidBth - ok
19:23:23.0248 4588	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:23:23.0279 4588	HidIr - ok
19:23:23.0404 4588	hidserv         (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
19:23:23.0482 4588	hidserv - ok
19:23:23.0591 4588	HidUsb          (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
19:23:23.0685 4588	HidUsb - ok
19:23:23.0716 4588	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:23:23.0747 4588	hkmsvc - ok
19:23:23.0903 4588	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:23:23.0919 4588	HpCISSs - ok
19:23:24.0121 4588	HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
19:23:24.0168 4588	HTTP - ok
19:23:24.0231 4588	huawei_cdcacm   (6723835670a746eb97cb932f61151169) C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
19:23:24.0277 4588	huawei_cdcacm - ok
19:23:24.0324 4588	huawei_cdcecm   (132af7d47704801f7af5bafcc623825c) C:\Windows\system32\DRIVERS\ew_jucdcecm.sys
19:23:24.0355 4588	huawei_cdcecm - ok
19:23:24.0745 4588	huawei_enumerator (2f23aba465b24a57e8664a124a53cc15) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:23:24.0823 4588	huawei_enumerator - ok
19:23:24.0901 4588	huawei_ext_ctrl (50a16e0f4586338f1114a54c906463b5) C:\Windows\system32\DRIVERS\ew_juextctrl.sys
19:23:24.0964 4588	huawei_ext_ctrl - ok
19:23:25.0042 4588	hwdatacard      (1c09309a3d793c57ef87ac60c6bbd739) C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:23:25.0104 4588	hwdatacard - ok
19:23:25.0167 4588	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:23:25.0182 4588	i2omp - ok
19:23:25.0229 4588	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:23:25.0245 4588	i8042prt - ok
19:23:25.0494 4588	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:23:25.0525 4588	iaStorV - ok
19:23:26.0196 4588	idsvc           (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:23:26.0243 4588	idsvc - ok
19:23:26.0711 4588	igfx            (38eb97b9898c56e6bdf6824a6a717312) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:23:26.0914 4588	igfx - ok
19:23:28.0084 4588	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:23:28.0084 4588	iirsp - ok
19:23:28.0209 4588	IKEEXT          (68e8c415e102e5d79fd7e4a765b8cba4) C:\Windows\System32\ikeext.dll
19:23:28.0255 4588	IKEEXT - ok
19:23:29.0160 4588	IntcAzAudAddService (fe912e4a9719a9792669debb403cb9b1) C:\Windows\system32\drivers\RTKVHDA.sys
19:23:29.0301 4588	IntcAzAudAddService - ok
19:23:29.0675 4588	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:23:29.0691 4588	intelide - ok
19:23:29.0706 4588	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:23:29.0737 4588	intelppm - ok
19:23:30.0034 4588	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:23:30.0096 4588	IPBusEnum - ok
19:23:30.0283 4588	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:23:30.0330 4588	IpFilterDriver - ok
19:23:30.0517 4588	iphlpsvc        (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
19:23:30.0549 4588	iphlpsvc - ok
19:23:30.0564 4588	IpInIp - ok
19:23:30.0720 4588	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:23:30.0751 4588	IPMIDRV - ok
19:23:30.0954 4588	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:23:30.0985 4588	IPNAT - ok
19:23:31.0329 4588	iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
19:23:31.0407 4588	iPod Service - ok
19:23:31.0438 4588	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:23:31.0469 4588	IRENUM - ok
19:23:32.0124 4588	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:23:32.0140 4588	isapnp - ok
19:23:32.0218 4588	iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
19:23:32.0218 4588	iScsiPrt - ok
19:23:32.0421 4588	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:23:32.0436 4588	iteatapi - ok
19:23:32.0701 4588	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:23:32.0717 4588	iteraid - ok
19:23:32.0748 4588	JMCR            (8da4444217d286fdd3a4ed6b4ac5c635) C:\Windows\system32\DRIVERS\jmcr.sys
19:23:32.0811 4588	JMCR - ok
19:23:32.0842 4588	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:23:32.0857 4588	kbdclass - ok
19:23:32.0935 4588	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
19:23:33.0013 4588	kbdhid - ok
19:23:33.0076 4588	KeyIso          (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
19:23:33.0123 4588	KeyIso - ok
19:23:33.0169 4588	KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
19:23:33.0185 4588	KSecDD - ok
19:23:33.0232 4588	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:23:33.0263 4588	KtmRm - ok
19:23:33.0294 4588	LanmanServer    (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
19:23:33.0341 4588	LanmanServer - ok
19:23:33.0559 4588	LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
19:23:33.0637 4588	LanmanWorkstation - ok
19:23:33.0762 4588	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:23:33.0809 4588	lltdio - ok
19:23:33.0965 4588	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:23:34.0043 4588	lltdsvc - ok
19:23:34.0137 4588	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:23:34.0183 4588	lmhosts - ok
19:23:34.0995 4588	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:23:35.0010 4588	LSI_FC - ok
19:23:35.0151 4588	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:23:35.0166 4588	LSI_SAS - ok
19:23:35.0431 4588	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:23:35.0447 4588	LSI_SCSI - ok
19:23:35.0743 4588	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:23:35.0775 4588	luafv - ok
19:23:36.0087 4588	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:23:36.0133 4588	Mcx2Svc - ok
19:23:36.0227 4588	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:23:36.0243 4588	megasas - ok
19:23:36.0352 4588	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:23:36.0383 4588	MegaSR - ok
19:23:36.0445 4588	MF2ACT          (49ec57c888a591a0256da2fbcb95eab0) C:\Windows\system32\Drivers\MF2ACT.sys
19:23:36.0492 4588	MF2ACT - ok
19:23:36.0555 4588	mf2nt           (1215cd6d0991640a6873939d9f015355) C:\Windows\system32\drivers\mf2nt.sys
19:23:36.0570 4588	mf2nt ( UnsignedFile.Multi.Generic ) - warning
19:23:36.0570 4588	mf2nt - detected UnsignedFile.Multi.Generic (1)
19:23:36.0586 4588	MGHwCtrl - ok
19:23:36.0664 4588	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:23:36.0742 4588	MMCSS - ok
19:23:37.0007 4588	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:23:37.0038 4588	Modem - ok
19:23:37.0101 4588	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:23:37.0132 4588	monitor - ok
19:23:37.0553 4588	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:23:37.0569 4588	mouclass - ok
19:23:37.0818 4588	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:23:37.0912 4588	mouhid - ok
19:23:37.0943 4588	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:23:37.0943 4588	MountMgr - ok
19:23:38.0239 4588	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:23:38.0239 4588	MozillaMaintenance - ok
19:23:38.0473 4588	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:23:38.0489 4588	mpio - ok
19:23:38.0629 4588	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:23:38.0661 4588	mpsdrv - ok
19:23:38.0692 4588	MpsSvc          (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
19:23:38.0739 4588	MpsSvc - ok
19:23:38.0754 4588	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:23:38.0770 4588	Mraid35x - ok
19:23:38.0785 4588	MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
19:23:38.0863 4588	MRxDAV - ok
19:23:39.0019 4588	mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:23:39.0066 4588	mrxsmb - ok
19:23:39.0175 4588	mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:23:39.0207 4588	mrxsmb10 - ok
19:23:39.0253 4588	mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:23:39.0285 4588	mrxsmb20 - ok
19:23:39.0347 4588	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
19:23:39.0363 4588	msahci - ok
19:23:39.0378 4588	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:23:39.0394 4588	msdsm - ok
19:23:39.0597 4588	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:23:39.0628 4588	MSDTC - ok
19:23:39.0784 4588	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:23:39.0815 4588	Msfs - ok
19:23:39.0877 4588	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:23:39.0877 4588	msisadrv - ok
19:23:39.0987 4588	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:23:40.0002 4588	MSiSCSI - ok
19:23:40.0018 4588	msiserver - ok
19:23:40.0065 4588	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:23:40.0111 4588	MSKSSRV - ok
19:23:40.0111 4588	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:23:40.0174 4588	MSPCLOCK - ok
19:23:40.0205 4588	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:23:40.0221 4588	MSPQM - ok
19:23:40.0236 4588	MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
19:23:40.0252 4588	MsRPC - ok
19:23:40.0377 4588	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:23:40.0392 4588	mssmbios - ok
19:23:40.0439 4588	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:23:40.0455 4588	MSTEE - ok
19:23:40.0907 4588	Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
19:23:40.0907 4588	Mup - ok
19:23:40.0969 4588	napagent        (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
19:23:41.0016 4588	napagent - ok
19:23:41.0079 4588	NativeWifiP     (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
19:23:41.0094 4588	NativeWifiP - ok
19:23:41.0172 4588	NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
19:23:41.0188 4588	NDIS - ok
19:23:41.0297 4588	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:23:41.0391 4588	NdisTapi - ok
19:23:41.0531 4588	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:23:41.0562 4588	Ndisuio - ok
19:23:41.0749 4588	NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
19:23:41.0781 4588	NdisWan - ok
19:23:41.0905 4588	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:23:41.0921 4588	NDProxy - ok
19:23:42.0483 4588	Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
19:23:42.0529 4588	Nero BackItUp Scheduler 3 - ok
19:23:42.0561 4588	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:23:42.0623 4588	NetBIOS - ok
19:23:42.0826 4588	netbt           (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
19:23:42.0873 4588	netbt - ok
19:23:42.0997 4588	Netlogon        (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
19:23:43.0013 4588	Netlogon - ok
19:23:43.0216 4588	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:23:43.0263 4588	Netman - ok
19:23:43.0575 4588	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:23:43.0621 4588	netprofm - ok
19:23:43.0777 4588	netr28          (3f540b257442cc1a2220dd8f73ac1c77) C:\Windows\system32\DRIVERS\netr28.sys
19:23:43.0887 4588	netr28 - ok
19:23:44.0121 4588	NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:23:44.0136 4588	NetTcpPortSharing - ok
19:23:44.0245 4588	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:23:44.0261 4588	nfrd960 - ok
19:23:44.0292 4588	NishService - ok
19:23:44.0433 4588	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:23:44.0464 4588	NlaSvc - ok
19:23:45.0010 4588	NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
19:23:45.0025 4588	NMIndexingService - ok
19:23:45.0072 4588	nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
19:23:45.0072 4588	nosGetPlusHelper - ok
19:23:45.0322 4588	Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
19:23:45.0384 4588	Npfs - ok
19:23:45.0525 4588	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:23:45.0556 4588	nsi - ok
19:23:45.0603 4588	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:23:45.0649 4588	nsiproxy - ok
19:23:45.0930 4588	Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
19:23:45.0993 4588	Ntfs - ok
19:23:46.0164 4588	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:23:46.0227 4588	ntrigdigi - ok
19:23:46.0320 4588	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:23:46.0414 4588	Null - ok
19:23:46.0461 4588	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:23:46.0461 4588	nvraid - ok
19:23:46.0710 4588	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:23:46.0726 4588	nvstor - ok
19:23:47.0069 4588	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:23:47.0085 4588	nv_agp - ok
19:23:47.0085 4588	NwlnkFlt - ok
19:23:47.0100 4588	NwlnkFwd - ok
19:23:47.0303 4588	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:23:47.0319 4588	odserv - ok
19:23:47.0521 4588	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
19:23:47.0553 4588	ohci1394 - ok
19:23:47.0818 4588	OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
19:23:47.0818 4588	OMSI download service ( UnsignedFile.Multi.Generic ) - warning
19:23:47.0818 4588	OMSI download service - detected UnsignedFile.Multi.Generic (1)
19:23:47.0880 4588	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:23:47.0880 4588	ose - ok
19:23:48.0021 4588	p2pimsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:23:48.0083 4588	p2pimsvc - ok
19:23:48.0099 4588	p2psvc          (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:23:48.0114 4588	p2psvc - ok
19:23:48.0286 4588	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:23:48.0348 4588	Parport - ok
19:23:48.0395 4588	partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
19:23:48.0411 4588	partmgr - ok
19:23:48.0504 4588	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:23:48.0567 4588	Parvdm - ok
19:23:48.0801 4588	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:23:48.0847 4588	PcaSvc - ok
19:23:49.0284 4588	pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
19:23:49.0300 4588	pci - ok
19:23:49.0456 4588	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
19:23:49.0471 4588	pciide - ok
19:23:49.0534 4588	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:23:49.0534 4588	pcmcia - ok
19:23:49.0643 4588	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:23:49.0752 4588	PEAUTH - ok
19:23:50.0205 4588	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:23:50.0314 4588	pla - ok
19:23:50.0454 4588	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
19:23:50.0470 4588	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
19:23:50.0470 4588	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
19:23:50.0501 4588	PlugPlay        (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
19:23:50.0532 4588	PlugPlay - ok
19:23:50.0657 4588	PNRPAutoReg     (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:23:50.0766 4588	PNRPAutoReg - ok
19:23:50.0782 4588	PNRPsvc         (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:23:50.0797 4588	PNRPsvc - ok
19:23:50.0891 4588	PolicyAgent     (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
19:23:50.0953 4588	PolicyAgent - ok
19:23:51.0312 4588	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:23:51.0343 4588	PptpMiniport - ok
19:23:51.0375 4588	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:23:51.0406 4588	Processor - ok
19:23:51.0562 4588	ProfSvc         (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
19:23:51.0609 4588	ProfSvc - ok
19:23:51.0718 4588	ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
19:23:51.0733 4588	ProtectedStorage - ok
19:23:51.0796 4588	ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
19:23:51.0811 4588	ProtexisLicensing - ok
19:23:51.0843 4588	PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
19:23:51.0874 4588	PSched - ok
19:23:52.0155 4588	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:23:52.0264 4588	ql2300 - ok
19:23:52.0295 4588	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:23:52.0311 4588	ql40xx - ok
19:23:52.0467 4588	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:23:52.0482 4588	QWAVE - ok
19:23:52.0498 4588	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:23:52.0545 4588	QWAVEdrv - ok
19:23:52.0576 4588	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:23:52.0607 4588	RasAcd - ok
19:23:52.0623 4588	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:23:52.0701 4588	RasAuto - ok
19:23:52.0872 4588	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:23:52.0903 4588	Rasl2tp - ok
19:23:52.0981 4588	RasMan          (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
19:23:53.0013 4588	RasMan - ok
19:23:53.0059 4588	RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
19:23:53.0091 4588	RasPppoe - ok
19:23:53.0169 4588	RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
19:23:53.0184 4588	RasSstp - ok
19:23:53.0293 4588	rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
19:23:53.0340 4588	rdbss - ok
19:23:53.0371 4588	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:23:53.0403 4588	RDPCDD - ok
19:23:53.0481 4588	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:23:53.0512 4588	rdpdr - ok
19:23:53.0512 4588	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:23:53.0543 4588	RDPENCDD - ok
19:23:53.0637 4588	RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
19:23:53.0683 4588	RDPWD - ok
19:23:53.0761 4588	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:23:53.0793 4588	RemoteAccess - ok
19:23:53.0886 4588	RemoteRegistry  (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
19:23:53.0902 4588	RemoteRegistry - ok
19:23:54.0151 4588	RichVideo       (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
19:23:54.0198 4588	RichVideo ( UnsignedFile.Multi.Generic ) - warning
19:23:54.0198 4588	RichVideo - detected UnsignedFile.Multi.Generic (1)
19:23:54.0229 4588	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:23:54.0261 4588	RpcLocator - ok
19:23:54.0401 4588	RpcSs           (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
19:23:54.0417 4588	RpcSs - ok
19:23:54.0463 4588	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:23:54.0479 4588	rspndr - ok
19:23:54.0557 4588	RTL8169         (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:23:54.0604 4588	RTL8169 - ok
19:23:54.0697 4588	s0017bus        (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys
19:23:54.0713 4588	s0017bus - ok
19:23:54.0760 4588	s0017mdfl       (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys
19:23:54.0760 4588	s0017mdfl - ok
19:23:54.0869 4588	s0017mdm        (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys
19:23:54.0885 4588	s0017mdm - ok
19:23:54.0931 4588	s0017mgmt       (9814e6bacc06d2526cd52981c7eeedf0) C:\Windows\system32\DRIVERS\s0017mgmt.sys
19:23:54.0947 4588	s0017mgmt - ok
19:23:54.0994 4588	s0017nd5        (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys
19:23:55.0009 4588	s0017nd5 - ok
19:23:55.0087 4588	s0017obex       (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys
19:23:55.0087 4588	s0017obex - ok
19:23:55.0134 4588	s0017unic       (df5e7360a0afa5956bf75da683d0679f) C:\Windows\system32\DRIVERS\s0017unic.sys
19:23:55.0134 4588	s0017unic - ok
19:23:55.0181 4588	s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
19:23:55.0197 4588	s1018bus - ok
19:23:55.0275 4588	s1018mdfl       (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
19:23:55.0290 4588	s1018mdfl - ok
19:23:55.0321 4588	s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
19:23:55.0337 4588	s1018mdm - ok
19:23:55.0415 4588	s1018mgmt       (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
19:23:55.0446 4588	s1018mgmt - ok
19:23:55.0477 4588	s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
19:23:55.0477 4588	s1018nd5 - ok
19:23:55.0555 4588	s1018obex       (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
19:23:55.0555 4588	s1018obex - ok
19:23:55.0649 4588	s1018unic       (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
19:23:55.0665 4588	s1018unic - ok
19:23:55.0727 4588	SamSs           (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
19:23:55.0743 4588	SamSs - ok
19:23:55.0789 4588	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:23:55.0789 4588	sbp2port - ok
19:23:55.0899 4588	SCardSvr        (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
19:23:55.0930 4588	SCardSvr - ok
19:23:56.0086 4588	Schedule        (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
19:23:56.0195 4588	Schedule - ok
19:23:56.0226 4588	SCPolicySvc     (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
19:23:56.0257 4588	SCPolicySvc - ok
19:23:56.0382 4588	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
19:23:56.0413 4588	sdbus - ok
19:23:56.0538 4588	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:23:56.0601 4588	SDRSVC - ok
19:23:56.0632 4588	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:23:56.0679 4588	secdrv - ok
19:23:56.0757 4588	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:23:56.0788 4588	seclogon - ok
19:23:56.0881 4588	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
19:23:56.0913 4588	seehcri - ok
19:23:56.0928 4588	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:23:56.0975 4588	SENS - ok
19:23:57.0053 4588	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:23:57.0115 4588	Serenum - ok
19:23:57.0256 4588	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:23:57.0318 4588	Serial - ok
19:23:57.0396 4588	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:23:57.0412 4588	sermouse - ok
19:23:57.0537 4588	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:23:57.0568 4588	SessionEnv - ok
19:23:57.0630 4588	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:23:57.0661 4588	sffdisk - ok
19:23:57.0693 4588	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:23:57.0771 4588	sffp_mmc - ok
19:23:57.0786 4588	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:23:57.0833 4588	sffp_sd - ok
19:23:57.0880 4588	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:23:57.0973 4588	sfloppy - ok
19:23:58.0036 4588	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:23:58.0114 4588	SharedAccess - ok
19:23:58.0254 4588	ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
19:23:58.0348 4588	ShellHWDetection - ok
19:23:58.0363 4588	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:23:58.0363 4588	sisagp - ok
19:23:58.0410 4588	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:23:58.0426 4588	SiSRaid2 - ok
19:23:58.0535 4588	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:23:58.0551 4588	SiSRaid4 - ok
19:23:58.0894 4588	slsvc           (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
19:23:59.0065 4588	slsvc - ok
19:23:59.0237 4588	SLUINotify      (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
19:23:59.0284 4588	SLUINotify - ok
19:23:59.0377 4588	Smb             (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
19:23:59.0424 4588	Smb - ok
19:23:59.0487 4588	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:23:59.0502 4588	SNMPTRAP - ok
19:23:59.0549 4588	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:23:59.0565 4588	spldr - ok
19:23:59.0674 4588	Spooler         (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
19:23:59.0721 4588	Spooler - ok
19:23:59.0814 4588	srv             (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
19:23:59.0861 4588	srv - ok
19:23:59.0955 4588	srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
19:23:59.0986 4588	srv2 - ok
19:24:00.0048 4588	srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
19:24:00.0111 4588	srvnet - ok
19:24:00.0563 4588	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:24:00.0657 4588	SSDPSRV - ok
19:24:00.0703 4588	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:24:00.0719 4588	ssmdrv - ok
19:24:00.0781 4588	SSPORT          (5f77725ec309de1242d8efc8e9259a9f) C:\Windows\system32\Drivers\SSPORT.sys
19:24:00.0797 4588	SSPORT ( UnsignedFile.Multi.Generic ) - warning
19:24:00.0797 4588	SSPORT - detected UnsignedFile.Multi.Generic (1)
19:24:00.0844 4588	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:24:00.0875 4588	SstpSvc - ok
19:24:00.0953 4588	stisvc          (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
19:24:01.0015 4588	stisvc - ok
19:24:01.0125 4588	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:24:01.0125 4588	swenum - ok
19:24:01.0156 4588	swprv           (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
19:24:01.0187 4588	swprv - ok
19:24:01.0359 4588	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:24:01.0359 4588	Symc8xx - ok
19:24:01.0390 4588	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:24:01.0390 4588	Sym_hi - ok
19:24:01.0515 4588	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:24:01.0515 4588	Sym_u3 - ok
19:24:01.0764 4588	SysMain         (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
19:24:01.0811 4588	SysMain - ok
19:24:01.0873 4588	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:24:01.0920 4588	TabletInputService - ok
19:24:01.0967 4588	TapiSrv         (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
19:24:02.0014 4588	TapiSrv - ok
19:24:02.0076 4588	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:24:02.0107 4588	TBS - ok
19:24:02.0217 4588	Tcpip           (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
19:24:02.0279 4588	Tcpip - ok
19:24:02.0295 4588	Tcpip6          (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
19:24:02.0341 4588	Tcpip6 - ok
19:24:02.0373 4588	tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
19:24:02.0419 4588	tcpipreg - ok
19:24:02.0435 4588	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:24:02.0482 4588	TDPIPE - ok
19:24:02.0497 4588	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:24:02.0529 4588	TDTCP - ok
19:24:02.0560 4588	tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
19:24:02.0591 4588	tdx - ok
19:24:02.0607 4588	TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
19:24:02.0622 4588	TermDD - ok
19:24:02.0685 4588	TermService     (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
19:24:02.0716 4588	TermService - ok
19:24:02.0763 4588	Themes          (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
19:24:02.0778 4588	Themes - ok
19:24:02.0825 4588	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:24:02.0856 4588	THREADORDER - ok
19:24:02.0872 4588	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:24:02.0903 4588	TrkWks - ok
19:24:02.0965 4588	TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
19:24:03.0012 4588	TrustedInstaller - ok
19:24:03.0059 4588	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:24:03.0121 4588	tssecsrv - ok
19:24:03.0168 4588	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:24:03.0215 4588	tunmp - ok
19:24:03.0355 4588	tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
19:24:03.0387 4588	tunnel - ok
19:24:03.0402 4588	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:24:03.0418 4588	uagp35 - ok
19:24:03.0543 4588	udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
19:24:03.0589 4588	udfs - ok
19:24:03.0652 4588	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:24:03.0730 4588	UI0Detect - ok
19:24:03.0777 4588	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:24:03.0792 4588	uliagpkx - ok
19:24:03.0839 4588	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:24:03.0870 4588	uliahci - ok
19:24:03.0901 4588	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:24:03.0917 4588	UlSata - ok
19:24:03.0933 4588	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:24:03.0933 4588	ulsata2 - ok
19:24:03.0964 4588	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:24:04.0011 4588	umbus - ok
19:24:04.0042 4588	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:24:04.0073 4588	upnphost - ok
19:24:04.0120 4588	USBAAPL         (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
19:24:04.0135 4588	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
19:24:04.0135 4588	USBAAPL - detected UnsignedFile.Multi.Generic (1)
19:24:04.0182 4588	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:24:04.0213 4588	usbccgp - ok
19:24:04.0245 4588	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:24:04.0307 4588	usbcir - ok
19:24:04.0354 4588	usbehci         (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
19:24:04.0385 4588	usbehci - ok
19:24:04.0432 4588	usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
19:24:04.0447 4588	usbhub - ok
19:24:04.0463 4588	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:24:04.0510 4588	usbohci - ok
19:24:04.0557 4588	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:24:04.0572 4588	usbprint - ok
19:24:04.0603 4588	USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:24:04.0635 4588	USBSTOR - ok
19:24:04.0650 4588	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:24:04.0697 4588	usbuhci - ok
19:24:04.0806 4588	usnjsvc         (9d19b042a4fd5c02195071ea2fe0c821) C:\Program Files\Windows Live\Messenger\usnsvc.exe
19:24:04.0822 4588	usnjsvc - ok
19:24:04.0869 4588	UxSms           (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
19:24:04.0931 4588	UxSms - ok
19:24:05.0009 4588	vds             (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
19:24:05.0103 4588	vds - ok
19:24:05.0196 4588	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:24:05.0243 4588	vga - ok
19:24:05.0305 4588	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:24:05.0352 4588	VgaSave - ok
19:24:05.0383 4588	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:24:05.0383 4588	viaagp - ok
19:24:05.0399 4588	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:24:05.0430 4588	ViaC7 - ok
19:24:05.0477 4588	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:24:05.0477 4588	viaide - ok
19:24:05.0602 4588	VmbService      (7e4769483d416aa04b916aab7ef0dbaf) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
19:24:05.0602 4588	VmbService ( UnsignedFile.Multi.Generic ) - warning
19:24:05.0602 4588	VmbService - detected UnsignedFile.Multi.Generic (1)
19:24:05.0617 4588	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:24:05.0617 4588	volmgr - ok
19:24:05.0664 4588	volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
19:24:05.0680 4588	volmgrx - ok
19:24:05.0711 4588	volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
19:24:05.0727 4588	volsnap - ok
19:24:05.0773 4588	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:24:05.0773 4588	vsmraid - ok
19:24:05.0867 4588	VSS             (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
19:24:05.0945 4588	VSS - ok
19:24:05.0976 4588	W32Time         (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
19:24:06.0007 4588	W32Time - ok
19:24:06.0054 4588	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:24:06.0117 4588	WacomPen - ok
19:24:06.0148 4588	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:24:06.0179 4588	Wanarp - ok
19:24:06.0195 4588	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:24:06.0210 4588	Wanarpv6 - ok
19:24:06.0241 4588	wcncsvc         (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
19:24:06.0273 4588	wcncsvc - ok
19:24:06.0304 4588	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:24:06.0335 4588	WcsPlugInService - ok
19:24:06.0351 4588	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:24:06.0366 4588	Wd - ok
19:24:06.0397 4588	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:24:06.0429 4588	Wdf01000 - ok
19:24:06.0460 4588	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:24:06.0491 4588	WdiServiceHost - ok
19:24:06.0491 4588	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:24:06.0522 4588	WdiSystemHost - ok
19:24:06.0553 4588	WebClient       (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
19:24:06.0616 4588	WebClient - ok
19:24:06.0663 4588	Wecsvc          (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
19:24:06.0694 4588	Wecsvc - ok
19:24:06.0772 4588	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:24:06.0834 4588	wercplsupport - ok
19:24:06.0850 4588	WerSvc          (4081288554294f144e5a7d4ee20e3ce6) C:\Windows\System32\WerSvc.dll
19:24:06.0928 4588	WerSvc - ok
19:24:07.0053 4588	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:24:07.0053 4588	WinDefend - ok
19:24:07.0068 4588	WinHttpAutoProxySvc - ok
19:24:07.0146 4588	Winmgmt         (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
19:24:07.0209 4588	Winmgmt - ok
19:24:07.0271 4588	WinRM           (20fc93fdc916843cfdfcaa7a1b0db16f) C:\Windows\system32\WsmSvc.dll
19:24:07.0427 4588	WinRM - ok
19:24:07.0521 4588	Wlansvc         (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
19:24:07.0567 4588	Wlansvc - ok
19:24:07.0645 4588	WLSetupSvc      (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
19:24:07.0677 4588	WLSetupSvc - ok
19:24:07.0723 4588	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
19:24:07.0755 4588	WmiAcpi - ok
19:24:07.0833 4588	wmiApSrv        (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
19:24:07.0864 4588	wmiApSrv - ok
19:24:08.0020 4588	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:24:08.0113 4588	WMPNetworkSvc - ok
19:24:08.0145 4588	WPCSvc          (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
19:24:08.0176 4588	WPCSvc - ok
19:24:08.0191 4588	WPDBusEnum      (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
19:24:08.0238 4588	WPDBusEnum - ok
19:24:08.0301 4588	WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
19:24:08.0332 4588	WpdUsb - ok
19:24:08.0347 4588	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:24:08.0379 4588	ws2ifsl - ok
19:24:08.0379 4588	wscsvc          (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
19:24:08.0394 4588	wscsvc - ok
19:24:08.0410 4588	WSearch - ok
19:24:08.0503 4588	WTGService      (67c1bcccb4b59552bd62827f812a3a8b) C:\Program Files\XSManager\WTGService.exe
19:24:08.0519 4588	WTGService - ok
19:24:08.0644 4588	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:24:08.0862 4588	wuauserv - ok
19:24:09.0237 4588	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:24:09.0299 4588	WUDFRd - ok
19:24:09.0315 4588	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:24:09.0361 4588	wudfsvc - ok
19:24:09.0393 4588	XMLDIUSB        (eec2098940e9a0804b25dd6be3676224) C:\Windows\system32\Drivers\XMLDIUSB.sys
19:24:09.0439 4588	XMLDIUSB - ok
19:24:09.0486 4588	XS Stick Service (4a8de57515970066e1afc562cbe818c7) C:\Windows\service4g.exe
19:24:09.0486 4588	XS Stick Service - ok
19:24:09.0549 4588	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:24:09.0876 4588	\Device\Harddisk0\DR0 - ok
19:24:09.0876 4588	Boot (0x1200)   (dd153639ed9a486481e164549cb6200d) \Device\Harddisk0\DR0\Partition0
19:24:09.0876 4588	\Device\Harddisk0\DR0\Partition0 - ok
19:24:09.0892 4588	Boot (0x1200)   (c362d02326c1edd424d6f2cb926cd2c8) \Device\Harddisk0\DR0\Partition1
19:24:09.0892 4588	\Device\Harddisk0\DR0\Partition1 - ok
19:24:09.0892 4588	============================================================
19:24:09.0892 4588	Scan finished
19:24:09.0892 4588	============================================================
19:24:09.0907 1164	Detected object count: 9
19:24:09.0907 1164	Actual detected object count: 9
         
Code:
ATTFilter
19:21:05.0902 5776	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
19:21:06.0487 5776	============================================================
19:21:06.0487 5776	Current date / time: 2012/07/15 19:21:06.0487
19:21:06.0487 5776	SystemInfo:
19:21:06.0488 5776	
19:21:06.0488 5776	OS Version: 6.0.6001 ServicePack: 1.0
19:21:06.0488 5776	Product type: Workstation
19:21:06.0488 5776	ComputerName: MaxMustermann-PC
19:21:06.0488 5776	UserName: Max Mustermann
19:21:06.0488 5776	Windows directory: C:\Windows
19:21:06.0488 5776	System windows directory: C:\Windows
19:21:06.0488 5776	Processor architecture: Intel x86
19:21:06.0488 5776	Number of processors: 2
19:21:06.0488 5776	Page size: 0x1000
19:21:06.0488 5776	Boot type: Normal boot
19:21:06.0488 5776	============================================================
19:21:07.0882 5776	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:21:07.0882 5776	============================================================
19:21:07.0882 5776	\Device\Harddisk0\DR0:
19:21:07.0882 5776	MBR partitions:
19:21:07.0882 5776	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22D1E000
19:21:07.0882 5776	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x22D1E800, BlocksNum 0x270F800
19:21:07.0882 5776	============================================================
19:21:07.0922 5776	C: <-> \Device\Harddisk0\DR0\Partition0
19:21:07.0952 5776	D: <-> \Device\Harddisk0\DR0\Partition1
19:21:07.0952 5776	============================================================
19:21:07.0952 5776	Initialize success
19:21:07.0952 5776	============================================================
19:21:33.0583 3136	Deinitialize success
         
